Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[livejournal] r18079: LJSUP-7674 (Allow IFRAME tags for new Yo...

Committer: ailyin
LJSUP-7674 (Allow IFRAME tags for new YouTube API)
U   trunk/cgi-bin/LJ/EmbedModule.pm
U   trunk/cgi-bin/cleanhtml.pl
U   trunk/htdocs/update.bml

Modified: trunk/cgi-bin/LJ/EmbedModule.pm
===================================================================
--- trunk/cgi-bin/LJ/EmbedModule.pm	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/cgi-bin/LJ/EmbedModule.pm	2011-01-21 09:07:00 UTC (rev 18079)
@@ -422,8 +422,8 @@
             tablecheck => 0,
             mode => 'allow',
             allow => [qw(object embed)],
-            deny => [qw(script iframe)],
-            remove => [qw(script iframe)],
+            deny => [qw(script)],
+            remove => [qw(scriptiframe)],
             ljcut_disable => 1,
             cleancss => 0,
             extractlinks => 0,

Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/cgi-bin/cleanhtml.pl	2011-01-21 09:07:00 UTC (rev 18079)
@@ -494,7 +494,7 @@
                 ## TODO: add more trusted sites besides YouTube
                 ## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html)
                 my $src = $attr->{'src'};
-                if ($src && $src =~ m!^http://www\.youtube\.com/embed/!) {
+                if ($src && $src =~ m!^https?://(?:[\w.-]*\.)?youtube\.com/embed/[-_a-zA-Z0-9]{11,}(?:\?.*)?$!) {
                     ## allow 
                 } else {
                     ## eat this tag

Modified: trunk/htdocs/update.bml
===================================================================
--- trunk/htdocs/update.bml	2011-01-21 09:01:25 UTC (rev 18078)
+++ trunk/htdocs/update.bml	2011-01-21 09:07:00 UTC (rev 18079)
@@ -140,6 +140,7 @@
     if ($url) {
         ## currently, the URL is for YouTube only.
         ## in future support for other quick embeds will be added.
+        ## TODO: use oEmbed for YouTube (http://apiblog.youtube.com/2009/10/oembed-support.html)
         if ($url =~ m!http://www.youtube.com/watch\?v=(\w+)! || $url =~ m!http://www.youtube.com/v/(\w+)!) {
             $event .= <<"EMBED";
 <object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
Tags: andy, bml, livejournal, pl, pm
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    switch
    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    Help
  • 2 comments