[livejournal] r20854: LJSV-1995: Embedded video from http://vi...
Committer: vad
LJSV-1995: Embedded video from http://video.yandex.ru doesn't shownU trunk/cgi-bin/cleanhtml.pl
Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl 2011-12-23 12:18:25 UTC (rev 20853)
+++ trunk/cgi-bin/cleanhtml.pl 2011-12-23 12:47:02 UTC (rev 20854)
@@ -1148,10 +1148,15 @@
}
## LJSUP-10811: due to security issue only Flash is allowed
- if ($tag eq 'embed' or $tag eq 'object'){
+ ## LJSV-1995: Embedded video from http://video.yandex.ru doesn't shown
+ if ($tag eq 'embed'){
$hash->{type} = 'application/x-shockwave-flash';
- push @$attrs => 'type';
+ push @$attrs => 'type' unless grep { $_ eq 'type' } @$attrs;
}
+ if ($tag eq 'object' and ($hash->{data} || $hash->{src})){
+ $hash->{type} = 'application/x-shockwave-flash';
+ push @$attrs => 'type' unless grep { $_ eq 'type' } @$attrs;
+ }
# Through the xsl namespace in XML, it is possible to embed scripting lanaguages
# as elements which will then be executed by the browser. Combining this with