Open devsnd opened 11 years ago
Do you have a ready-made example I can use to check this out?
Found one myself in http://flowingdata.com/feed/ : The video `<iframe>` gets removed by the sanitizer. Not sure if it's a good idea to forgo sanitizing feed content or add the necessary tags to the filter whitelist. Thoughts?
Forgoing sanitizing sounds bad. Maybe some place for configurations like that? A settings.yml for whitelisting tags (app-wide) would be the easiest thing, but it gets complicated if someone needs to manage whitelists on a per-user basis.
Simpler: IFrames work on their own. All they need is a URL.
I could write a simple jQuery thingy that turns into an IFrame after the user clicked it.
This would mean that IFrames are shown as a black box, only showing the URL it is pointing to, which turns into a real IFrame if you want to see it after the click. I don't know the exact implications for XSS in that case, but I know that the IFrame wouldn't be able to grab the session cookie, for example.
Anyway, I want that feature. I'll write something tomorrow. It's up to you if you'd then include it or not :cake: :dancers:
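A sketch of the click-to-load idea proposed above, as an added example that is not part of the original thread or of laserchicken's code. It uses plain DOM calls rather than jQuery, and the host allowlist and the function names `vetEmbedUrl` and `buildPlaceholder` are assumptions made for illustration.

```javascript
// Constructed allowlist of embed hosts (assumption). Never list the reader
// app's own host here: a same-origin frame could reach the parent page.
const ALLOWED_EMBED_HOSTS = new Set(["www.youtube.com", "player.vimeo.com"]);

// Vet an iframe src taken from untrusted feed content.
// Returns a normalized https URL string, or null if it must not be embedded.
function vetEmbedUrl(rawSrc, baseUrl) {
  let url;
  try {
    url = new URL(rawSrc, baseUrl); // resolves relative and "//host/..." forms
  } catch {
    return null; // unparseable src
  }
  if (url.protocol !== "https:") return null; // drops javascript:, data:, http:
  if (url.username || url.password) return null; // no credentials in the URL
  if (!ALLOWED_EMBED_HOSTS.has(url.hostname)) return null; // exact host match
  return url.href;
}

// Build the inert "black box": a button that only shows the vetted URL and
// becomes a sandboxed iframe after an explicit click.
function buildPlaceholder(doc, rawSrc, baseUrl) {
  const href = vetEmbedUrl(rawSrc, baseUrl);
  if (href === null) return null; // caller keeps the sanitizer's default: no embed

  const button = doc.createElement("button");
  button.setAttribute("type", "button");
  // textContent, not innerHTML: the feed-supplied URL is never parsed as markup.
  button.textContent = "Load embedded content from " + href;

  button.addEventListener("click", () => {
    const frame = doc.createElement("iframe");
    // Video players need scripts and their own origin's storage; the sandbox
    // still blocks top-level navigation, popups and form submission.
    frame.setAttribute("sandbox", "allow-scripts allow-same-origin allow-presentation");
    frame.setAttribute("referrerpolicy", "no-referrer"); // do not leak the reader URL
    frame.setAttribute("src", href);
    button.replaceWith(frame);
  }, { once: true });

  return button;
}
```

The server-side sanitizer would still strip the `<iframe>` element itself and pass only its `src` through (for example in a data attribute, which is also an assumption) for the client code to vet.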
When I open a blog post that contains a YouTube video, the video is not embedded inside laserchicken. Then I have to click on the (web) link, and find the position I was at in the original blog post to see the video. That's very annoying.