Committer: gariev
LJSV-1498: Disable adding iframe from docs.google.com and google.com/calendarU trunk/cgi-bin/LJ/EmbedModule.pm U trunk/cgi-bin/cleanhtml.pl
Modified: trunk/cgi-bin/LJ/EmbedModule.pm
===================================================================
--- trunk/cgi-bin/LJ/EmbedModule.pm 2011-04-06 04:01:55 UTC (rev 18800)
+++ trunk/cgi-bin/LJ/EmbedModule.pm 2011-04-06 04:15:19 UTC (rev 18801)
@@ -130,7 +130,7 @@
my $out= '<lj-embed id="'. $attrs{id} .'" ';
- if($code =~ m!src="http://www\.youtube\.com/embed/([\w\d\_\-]+)"!) {
+ if ($code =~ m!src=["']?http://www\.youtube\.com/embed/([\w\d\_\-]+)['"]?!) {
$out .= 'vid="'.$1.'" ';
}
@@ -444,6 +444,7 @@
extractimages => 0,
noexpandembedded => 1,
transform_embed_nocheck => 1,
+ journalid => $opts{journalid},
});
}
Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl 2011-04-06 04:01:55 UTC (rev 18800)
+++ trunk/cgi-bin/cleanhtml.pl 2011-04-06 04:15:19 UTC (rev 18801)
@@ -524,19 +524,23 @@
## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html),
## Vimeo, VKontakte, Google Calendar, Google Docs, VK.com, etc.
## see @LJ::EMBED_IFRAME_WHITELIST in lj-disabled-conf
- my $src = $attr->{'src'};
my $src_allowed = 0;
- if ($src) {
- foreach my $re ( @LJ::EMBED_IFRAME_WHITELIST ) {
- if ( $src =~ $re ) {
+ if (my $src = $attr->{'src'}) {
+ foreach my $wl ( @LJ::EMBED_IFRAME_WHITELIST ) {
+ if ($src =~ $wl->{re}) {
+ if ($wl->{personal_posts_only}) {
+ last unless $opts->{journalid};
+ my $u = LJ::load_userid($opts->{journalid});
+ last unless $u && $u->is_personal;
+ }
$src_allowed = 1;
last;
}
}
}
- unless ( $src && $src_allowed ) {
+ unless ($src_allowed) {
## eat this tag
if (!$attr->{'/'}) {
## if not autoclosed tag (<iframe />),
