Closed dJani97 closed 2 years ago
@dJani97 hello, sorry for missing your question.
As what I understand, you can simply add any attribute to your iframe
tag with DOM manipulation, after receiving it from oembed-parser
, right?
Currently, this lib only supports params as an one-level object, so your example would make a query as below:
url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D8jPQjjsBbIc&format=json&maxwidth=500&maxheight=300&iframeAttributes=%5Bobject+Object%5D
However, that does not affect to the last result, because what we send is not important as what the target provider accepts and understands. I think almost if not all of them do not support this kind of params.
Hey, thanks for the response.
I ended up doing something like this:
const sandboxedHtml = html.replace(
'<iframe',
'<iframe sandbox="allow-scripts allow-same-origin"'
);
That solves my problem. oembed-parser
is a great library and covers a lot, probably my suggestion to add arbitrary attributes to the resulting HTML shouldn't be in it's scope.
Hi!
I was wondering if there is any easy way to apply the
sandbox
attribute to the embedded iframes, for security reasons.Is there an existing way to do this, or would it be possible to extend the API?
It could look like this:
Then, the returned HTML would look something like this: