fu ([personal profile] fu) wrote in [site community profile] changelog2011-08-11 03:50 am

[dw-free] Allow more sites in embed whitelist

[commit: http://hg.dwscoalition.org/dw-free/rev/e5aed810efb8]

http://bugs.dwscoalition.org/show_bug.cgi?id=3707

Expand support for iframe embeds from the sites: bandcamp.com, blip.tv,
www.dailymotion.com, dotsub.com, nicovideo.jp, sbs.com.au, scribd.com,
slideshare.net, vimeo.com, maps.google.com

Lots of thanks to [personal profile] monarchist, [personal profile] ninetydegrees,
[personal profile] bookofjude, and [personal profile] andrewducker for gathering
examples of the embed codes to use!

Patch by [personal profile] fu.

Files modified:
  • cgi-bin/DW/Hooks/EmbedWhitelist.pm
  • t/embed-whitelist.t
--------------------------------------------------------------------------------
diff -r d5c9f9570e7d -r e5aed810efb8 cgi-bin/DW/Hooks/EmbedWhitelist.pm
--- a/cgi-bin/DW/Hooks/EmbedWhitelist.pm	Wed Aug 10 12:48:43 2011 +0800
+++ b/cgi-bin/DW/Hooks/EmbedWhitelist.pm	Wed Aug 10 18:22:04 2011 +0800
@@ -29,6 +29,9 @@
 use LJ::Hooks;
 use URI;
 
+# for internal use only
+# this is used when sites may offer embeds from multiple subdomain
+# e.g., www, www1, etc
 sub match_subdomain {
     my $want_domain = $_[0];
     my $domain_from_uri = $_[1];
@@ -43,6 +46,23 @@
     return $path_from_uri =~ /^$want_path$/;
 }
 
+my %host_path_match = (
+    "bandcamp.com"          => qr!^/EmbeddedPlayer/!,
+    "blip.tv"               => qr!^/play/!,
+
+    "www.dailymotion.com"   => qr!^/embed/video/!,
+    "dotsub.com"            => qr!^/media/!,
+
+    "maps.google.com"       => qr!^/maps!,
+    "ext.nicovideo.jp"      => qr!^/thumb/!,
+
+    "www.sbs.com.au"         => qr!/player/embed/!,  # best guess; language parameter before /player may vary
+    "www.scribd.com"        => qr!^/embeds/!,
+    "www.slideshare.net"    => qr!^/slideshow/embed_code/!,
+
+    "player.vimeo.com"      => qr!^/video/\d+$!,
+);
+
 LJ::Hooks::register_hook( 'allow_iframe_embeds', sub {
     my ( $embed_url, %opts ) = @_;
 
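Review bot: The `www.sbs.com.au` entry is the only pattern in `%host_path_match` without a leading `^`, so it accepts `/player/embed/` at any depth in the path instead of at a fixed position, which is looser than an allowlist entry should be. If the only variable part is the single language segment the inline comment mentions (an assumption to confirm against real embed codes), `qr!^/[^/]+/+player/embed/!` still accepts the URL used in the test file while pinning the position. `^/maps` is likewise a bare prefix and also matches paths such as `/mapsfoo`; `qr!^/maps(?:/|$)!` would restrict it to `/maps` and its sub-paths.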
@@ -56,6 +76,9 @@
     my $uri_host = $parsed_uri->host;
     my $uri_path = $parsed_uri->path;   # not including query
 
+    my $path_regex = $host_path_match{$uri_host};
+    return 1 if $path_regex && ( $uri_path =~ $path_regex );
+
     ## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html)
     if ( match_subdomain( "youtube.com", $uri_host ) || match_subdomain( "youtube-nocookie.com", $uri_host ) ) {
         return 1 if match_full_path( qr!/embed/[-_a-zA-Z0-9]{11,}!, $uri_path );
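Review bot: The new lookup on `$host_path_match{$uri_host}` has no comment saying how strict it is, and it behaves differently from the `match_subdomain` checks that follow. It is an exact-host hash lookup, and it tests only `$uri_path`, which the line above notes excludes the query, so any query string is accepted for a listed host. I would add a comment above it such as `# exact host match only (no subdomains); path is checked, query string is not`. The enclosing hook sub starts and ends outside this hunk, so any scheme or host normalisation done earlier is not visible here.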
diff -r d5c9f9570e7d -r e5aed810efb8 t/embed-whitelist.t
--- a/t/embed-whitelist.t	Wed Aug 10 12:48:43 2011 +0800
+++ b/t/embed-whitelist.t	Wed Aug 10 18:22:04 2011 +0800
@@ -1,7 +1,7 @@
 # -*-perl-*-
 use strict;
 
-use Test::More tests => 10;
+use Test::More tests => 24;
 use lib "$ENV{LJHOME}/cgi-bin";
 require 'ljlib.pl';
 
@@ -46,3 +46,32 @@
     test_bad_url( "http://www.youtube.com/notreallyembed/x1xx2xxxxxX", "wrong path");
     test_bad_url( "http://www.youtube.com/embed/x1xx2xxxxxX/butnotreally", "wrong path");
 }
+
+note( "misc" );
+{
+    test_good_url( "http://bandcamp.com/EmbeddedPlayer/v=2/track=123123123/size=venti/bgcol=FFFFFF/linkcol=4285BB/" );
+    test_good_url( "http://bandcamp.com/EmbeddedPlayer/v=2/track=123123123" );
+
+    test_good_url( "http://blip.tv/play/x11Xx11Xx.html" );
+
+    test_good_url( "http://www.dailymotion.com/embed/video/x1xx11x" );
+
+    test_good_url( "http://dotsub.com/media/9db493c6-6168-44b0-89ea-e33a31db48db/e/m" );
+
+    test_good_url( "http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=somethingsomething&aq=0&sll=00.000,-00.0000&sspn=0.00,0.0&vpsrc=0&ie=UTF8&hq=&hnear=somethingsomething&z=0&ll=0,-00&output=embed" );
+
+    test_good_url( "http://ext.nicovideo.jp/thumb/sm123123123" );
+    test_good_url( "http://ext.nicovideo.jp/thumb/nm123123123" );
+    test_good_url( "http://ext.nicovideo.jp/thumb/123123123" );
+
+    test_good_url( "http://www.sbs.com.au/yourlanguage//player/embed/id/163111" );
+
+    test_good_url( "http://www.scribd.com/embeds/123123/content?start_page=1&view_mode=list&access_key=" );
+
+    test_good_url( "http://www.slideshare.net/slideshow/embed_code/12312312" );
+
+    test_good_url( "http://player.vimeo.com/video/123123123?title=0&byline=0&portrait=0" );
+    test_bad_url("http://player.vimeo.com/video/123abc?title=0&byline=0&portrait=0");
+}
+
+
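Review bot: The new "misc" block has thirteen positive cases and a single negative one (vimeo), so nothing fails if a pattern in the allowlist is looser than intended; the unanchored sbs.com.au pattern in particular has no rejecting test. Each host should get at least one `test_bad_url` for a wrong path and one for a look-alike host, for example (constructed sample values) `test_bad_url( "http://bandcamp.com/", "wrong path" );` and `test_bad_url( "http://notbandcamp.com/EmbeddedPlayer/v=2/track=123123123", "wrong host" );`. The existing vimeo `test_bad_url` call also omits the description argument that the YouTube cases above pass. Remember to bump the `tests => 24` plan when adding cases.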
--------------------------------------------------------------------------------