[livejournal] r18079: LJSUP-7674 (Allow IFRAME tags for new Yo...: changelog

Committer: ailyin

LJSUP-7674 (Allow IFRAME tags for new YouTube API)

U   trunk/cgi-bin/LJ/EmbedModule.pm
U   trunk/cgi-bin/cleanhtml.pl
U   trunk/htdocs/update.bml

Modified: trunk/cgi-bin/LJ/EmbedModule.pm
===================================================================
--- trunk/cgi-bin/LJ/EmbedModule.pm	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/cgi-bin/LJ/EmbedModule.pm	2011-01-21 09:07:00 UTC (rev 18079)
@@ -422,8 +422,8 @@
             tablecheck => 0,
             mode => 'allow',
             allow => [qw(object embed)],
-            deny => [qw(script iframe)],
-            remove => [qw(script iframe)],
+            deny => [qw(script)],
+            remove => [qw(scriptiframe)],
             ljcut_disable => 1,
             cleancss => 0,
             extractlinks => 0,

Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/cgi-bin/cleanhtml.pl	2011-01-21 09:07:00 UTC (rev 18079)
@@ -494,7 +494,7 @@
                 ## TODO: add more trusted sites besides YouTube
                 ## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html)
                 my $src = $attr->{'src'};
-                if ($src && $src =~ m!^http://www\.youtube\.com/embed/!) {
+                if ($src && $src =~ m!^https?://(?:[\w.-]*\.)?youtube\.com/embed/[-_a-zA-Z0-9]{11,}(?:\?.*)?$!) {
                     ## allow 
                 } else {
                     ## eat this tag

Modified: trunk/htdocs/update.bml
===================================================================
--- trunk/htdocs/update.bml	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/htdocs/update.bml	2011-01-21 09:07:00 UTC (rev 18079)
@@ -140,6 +140,7 @@
     if ($url) {
         ## currently, the URL is for YouTube only.
         ## in future support for other quick embeds will be added.
+        ## TODO: use oEmbed for YouTube (http://apiblog.youtube.com/2009/10/oembed-support.html)
         if ($url =~ m!http://www.youtube.com/watch\?v=(\w+)! || $url =~ m!http://www.youtube.com/v/(\w+)!) {
             $event .= <<"EMBED";
 <object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>

Post a new comment
Error

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
2 comments

Post a new comment
2 comments

Log in

[livejournal] r18079: LJSUP-7674 (Allow IFRAME tags for new Yo...

[ljcom] r13121: LJSUP-14834: Need a text vars for LJShop...

[ljcom] r13120: LJCOMCOMREAD-381: Smart App Banners

[livejournal] r23564: LJCOMCOMREAD-381: Smart App Banners

Error