tilboerner / laserchicken

RSS reader web application built on Rails
MIT License

Embedded youtube videos are not shown #14

Open devsnd opened 11 years ago

devsnd commented 11 years ago

When I open a blog post that contains a youtube video, the video is not embedded inside laserchicken. Then I have to click on the (web) link, and find the position I was at in the original blog post to see the video. That's very annoying.

tilboerner commented 11 years ago

Do you have a ready-made example I can use to check this out?

tilboerner commented 11 years ago

> Do you have a ready-made example I can use to check this out?

Found one myself in http://flowingdata.com/feed/ : The video <iframe> gets removed by the sanitizer. Not sure if it's a good idea to forgo sanitizing feed content or add the necessary tags to the filter whitelist. Thoughts?

XORwell commented 11 years ago

Forgo sanitizing sounds bad. Maybe some place for configurations like that? A settings.yml for whitelisting tags (app-wide) would be the easiest thing, but it gets complicated if someone needs to manage whitelists on a per-user basis.

devsnd commented 11 years ago

Simpler: IFrames work on their own. All they need is a URL.

I could write a simple jQuery thingy that turns into an IFrame after the user clicked it.

This would mean that IFrames are shown as a black box, only showing the URL it is pointing to, which turns into a real IFrame if you want to see it after the click. I don't know the exact implications for XSS in that case, but I know that the IFrame wouldn't be able to grab the session cookie, for example.

Anyway, I want that feature. I'll write something tomorrow. It's up to you if you'd then include it or not :cake: :dancers:
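
An added example, not part of the thread and not laserchicken's code: one way to combine the two proposals above, keeping the sanitizer on, allowing an `<iframe>` only when its `src` is an exact-match video embed URL, and emitting a click-to-load placeholder instead of a live frame. The host list, the function names, the `embed-placeholder` class and the `data-embed-src` attribute are assumptions, and the `src` value is assumed to come from the sanitizer's HTML parser.

```ruby
require "uri"
require "cgi"

# Assumption: hosts an operator trusts for embedded video, e.g. loaded from
# the app-wide settings.yml suggested in the thread. Exact matches only, so
# "www.youtube.com.evil.example" does not pass.
ALLOWED_EMBED_HOSTS = %w[www.youtube.com www.youtube-nocookie.com].freeze

# Only the embed player path with an 11-character video id is accepted.
# \A and \z anchor the whole string; ^ and $ would match per line in Ruby.
EMBED_PATH = %r{\A/embed/[A-Za-z0-9_-]{11}\z}

# Returns a normalized https embed URL, or nil if the iframe must stay stripped.
def safe_embed_url(src)
  uri = URI.parse(src.to_s.strip)
  # nil scheme covers protocol-relative URLs ("//host/path") seen in feeds.
  return nil unless [nil, "http", "https"].include?(uri.scheme&.downcase)
  return nil unless ALLOWED_EMBED_HOSTS.include?(uri.host.to_s.downcase)
  return nil unless EMBED_PATH.match?(uri.path.to_s)

  # Rebuild from validated parts instead of echoing the input: this drops
  # userinfo, port, query string and fragment, and upgrades http to https.
  "https://#{uri.host.downcase}#{uri.path}"
rescue URI::InvalidURIError
  nil
end

# Returns inert placeholder markup showing the target URL, or "" when the
# iframe is not allowed. A client-side click handler (not shown) would read
# data-embed-src and create the real iframe only after the user clicks.
def click_to_load_placeholder(src)
  url = safe_embed_url(src)
  return "" if url.nil?

  escaped = CGI.escapeHTML(url)
  %(<div class="embed-placeholder" data-embed-src="#{escaped}">Video: #{escaped}</div>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample src values; the video id is a placeholder.
  ["//www.youtube.com/embed/AAAAAAAAAAA?rel=0",
   "https://www.youtube.com@evil.example/embed/AAAAAAAAAAA",
   "javascript:alert(1)"].each do |src|
    puts "#{src.inspect} -> #{click_to_load_placeholder(src).inspect}"
  end
end
```

Because the placeholder carries only a rebuilt, HTML-escaped URL, the sanitizer can keep stripping every `<iframe>` from feed content; the frame is created later from the validated value rather than from markup the feed supplied.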