Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/misskey-dev/summaly
Browse files Browse the repository at this point in the history
  • Loading branch information
@tamaina
tamaina committed Apr 20, 2023
2 parents 994f420 + 5a3321a commit c7d71a9
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 1 deletion.
3 changes: 3 additions & 0 deletions built/general.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,9 @@ async function getOEmbedPlayer($, pageUrl) {
const allowedPermissions = (iframe.attr('allow') ?? '').split(/\s*;\s*/g)
.filter(s => s)
.filter(s => !ignoredList.includes(s));
if (iframe.attr('allowfullscreen') === '') {
allowedPermissions.push('fullscreen');
}
if (allowedPermissions.some(allow => !safeList.includes(allow))) {
// This iframe is probably too powerful to be embedded
return null;
Expand Down
3 changes: 3 additions & 0 deletions src/general.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,9 @@ async function getOEmbedPlayer($: cheerio.CheerioAPI, pageUrl: string): Promise<
(iframe.attr('allow') ?? '').split(/\s*;\s*/g)
.filter(s => s)
.filter(s => !ignoredList.includes(s));
if (iframe.attr('allowfullscreen') === '') {
allowedPermissions.push('fullscreen');
}
if (allowedPermissions.some(allow => !safeList.includes(allow))) {
// This iframe is probably too powerful to be embedded
return null;
Expand Down
9 changes: 8 additions & 1 deletion test/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,14 @@ describe("oEmbed", () => {
await setUpFastify('oembed-allow-fullscreen.json');
const summary = await summaly(host);
expect(summary.player.url).toBe('https://example.com/');
expect(summary.player.allow).toStrictEqual(['fullscreen'])
expect(summary.player.allow).toStrictEqual(['fullscreen']);
});

test('allows legacy allowfullscreen', async () => {
await setUpFastify('oembed-allow-fullscreen-legacy.json');
const summary = await summaly(host);
expect(summary.player.url).toBe('https://example.com/');
expect(summary.player.allow).toStrictEqual(['fullscreen']);
});

test('allows safelisted permissions', async () => {
Expand Down
7 changes: 7 additions & 0 deletions test/oembed/oembed-allow-fullscreen-legacy.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"version": "1.0",
"type": "rich",
"html": "<iframe src='https://example.com/' allowfullscreen></iframe>",
"width": 500,
"height": 300
}

0 comments on commit c7d71a9

Please sign in to comment.