vadvs (vadvs) wrote in changelog,
vadvs
vadvs
changelog

[livejournal] r20854: LJSV-1995: Embedded video from http://vi...

Committer: vad
LJSV-1995: Embedded video from http://video.yandex.ru doesn't shown
U   trunk/cgi-bin/cleanhtml.pl
Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl	2011-12-23 12:18:25 UTC (rev 20853)
+++ trunk/cgi-bin/cleanhtml.pl	2011-12-23 12:47:02 UTC (rev 20854)
@@ -1148,10 +1148,15 @@
                 }
 
                 ## LJSUP-10811: due to security issue only Flash is allowed
-                if ($tag eq 'embed' or $tag eq 'object'){
+                ## LJSV-1995: Embedded video from http://video.yandex.ru doesn't shown
+                if ($tag eq 'embed'){
                    $hash->{type} = 'application/x-shockwave-flash'; 
-                   push @$attrs => 'type';
+                   push @$attrs => 'type' unless grep { $_ eq 'type' } @$attrs;
                 }
+                if ($tag eq 'object' and ($hash->{data} || $hash->{src})){
+                   $hash->{type} = 'application/x-shockwave-flash'; 
+                   push @$attrs => 'type' unless grep { $_ eq 'type' } @$attrs;
+                }
 
                 # Through the xsl namespace in XML, it is possible to embed scripting lanaguages
                 # as elements which will then be executed by the browser.  Combining this with

Tags: livejournal, pl, vad, vadvs
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments