remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)

This commit is contained in:
Andrew Dolgov 2019-11-27 11:52:51 +03:00
parent e5b7b145e5
commit d15f0349bf
2 changed files with 3 additions and 4 deletions

View File

@ -61,6 +61,7 @@ class PluginHost {
const HOOK_GET_FULL_TEXT = 41; const HOOK_GET_FULL_TEXT = 41;
const HOOK_ARTICLE_IMAGE = 42; const HOOK_ARTICLE_IMAGE = 42;
const HOOK_FEED_TREE = 43; const HOOK_FEED_TREE = 43;
const HOOK_IFRAME_WHITELISTED = 44;
const KIND_ALL = 1; const KIND_ALL = 1;
const KIND_SYSTEM = 2; const KIND_SYSTEM = 2;

View File

@ -1250,13 +1250,11 @@
} }
function iframe_whitelisted($entry) { function iframe_whitelisted($entry) {
$whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
if ($src) { if ($src) {
foreach ($whitelist as $w) { foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
if ($src == $w || $src == "www.$w") if ($plugin->hook_iframe_whitelisted($src))
return true; return true;
} }
} }