Closed oferlaor closed 2 months ago
I have considered setting a default referrer policy in the past, but I came to the conclusion this was best applied at the application level, most likely with a meta
element.
Alternatively, if you want to set a referrerpolicy
attribute on all iframe
elements, you can do so via a template normalization. It should be created as early in the configuration as possible, before sites are added. For example:
$configurator = new s9e\TextFormatter\Configurator;
$configurator->templateNormalizer->add(
new s9e\TextFormatter\Configurator\TemplateNormalizations\SetAttributeOnElements(
'//iframe',
'referrerpolicy',
'no-referrer'
)
);
$configurator->MediaEmbed->add('youtube');
extract($configurator->finalize());
$text = 'https://www.youtube.com/watch?v=dQw4w9WgXcQ';
$xml = $parser->parse($text);
$html = $renderer->render($xml);
die("$html\n");
<span data-s9e-mediaembed="youtube" style="display:inline-block;width:100%;max-width:640px"><span style="display:block;overflow:hidden;position:relative;padding-bottom:56.25%"><iframe allowfullscreen="" loading="lazy" scrolling="no" style="background:url(https://i.ytimg.com/vi/dQw4w9WgXcQ/hqdefault.jpg) 50% 50% / cover;border:0;height:100%;left:0;position:absolute;width:100%" referrerpolicy="no-referrer" src="https://www.youtube.com/embed/dQw4w9WgXcQ"></iframe></span></span>
Some sites have restricted access on Media Embedding.
file: /s9e/text-formatter/src/Plugins/MediaEmbed/Configurator/TemplateGenerators/Iframe.php
One easy way to resolve this is to add a referrer policy, which tells the browser to restrict the referrer information when opening the IFRAME. This is dramatic as it opens up (particularly for youtube) a host of new videos that can be embedded.