Open polgarz opened 10 years ago
The plugin removes an important security feature (the "sandbox" attribute) from the iframe. This normally ensures that content inside the iframe, which is not filtered like the rest of the feed, is not able to modify anything outside of the frame itself. https at least ensures that the only ones able to wreak havoc with your ttrss installation like this are the sites explicitly whitelisted. Removing that requirement means that anyone who has access to the cleartext of your internet connection would be able to do this.
I'm currently adding a preferences module that would allow every user to select which sites they want to allow. I'm not sure if I really want to allow non-https connections though, because I don't think it would be easy to make the implications clear to non-technical users and not supporting https in 2014 is really just lazy even for medium-sized webservices. I'll think about it.
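The check described in the reply above, as an added example that is not the plugin's own code: the sandbox is lifted only for an https URL whose host and path prefix match an allowlist entry. The helper names and the sample markup are hypothetical and constructed for illustration, and it is assumed that filtered iframes arrive with an empty sandbox attribute; the two allowlist entries are taken from the thread.

```php
<?php
// Added example, not the plugin's code. Entries copied from the thread.
$allowed_iframes = array(
    'www.youtube.com'  => '/embed/',
    'player.vimeo.com' => '/video/',
);

// Hypothetical helper: true only for an https URL whose host equals an
// allowlist key and whose path starts with that key's prefix.
function iframe_src_allowed(string $src, array $allowed): bool {
    $u = parse_url($src);
    if ($u === false || !isset($u['scheme'], $u['host'], $u['path'])) {
        return false;                 // relative, scheme-less or malformed
    }
    if (strtolower($u['scheme']) !== 'https') {
        return false;                 // cleartext can be rewritten in transit
    }
    $host = strtolower($u['host']);
    if (!isset($allowed[$host])) {
        return false;                 // exact host match, no suffix matching
    }
    $prefix = $allowed[$host];
    return strncmp($u['path'], $prefix, strlen($prefix)) === 0;
}

// Hypothetical helper: remove "sandbox" only from allowlisted frames and
// force the most restrictive sandbox on every other frame.
function relax_allowed_iframes(string $html, array $allowed): string {
    $doc = new DOMDocument();
    @$doc->loadHTML('<html><body>' . $html . '</body></html>');
    foreach ($doc->getElementsByTagName('iframe') as $frame) {
        if (iframe_src_allowed($frame->getAttribute('src'), $allowed)) {
            $frame->removeAttribute('sandbox');
        } else {
            $frame->setAttribute('sandbox', '');
        }
    }
    $out = '';
    foreach ($doc->getElementsByTagName('body')->item(0)->childNodes as $node) {
        $out .= $doc->saveHTML($node);
    }
    return $out;
}

// Constructed sample: only the first frame should lose its sandbox.
$sample = '<iframe sandbox="" src="https://www.youtube.com/embed/abc"></iframe>'
        . '<iframe sandbox="" src="http://www.youtube.com/embed/abc"></iframe>'
        . '<iframe sandbox="" src="https://www.youtube.com.other.example/embed/abc"></iframe>';
echo relax_allowed_iframes($sample, $allowed_iframes), "\n";
```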
trau: I just commented out the whole https part from the plugin and added a lot of new sites. My array looks like:
protected $allowed_iframes = array(
'www.youtube.com' => '/embed/',
'www.youtube-nocookie.com' => '/embed/',
'player.vimeo.com' => '/video/',
'www.myvideo.de' => '/embed/',
'www.dailymotion.com' => '/embed/video/',
'www.viddler.com' => '/embed/',
'w.soundcloud.com' => '/player/',
'embed.indavideo.hu' => '/player/video/',
'indavideo.hu' => '/player/video/',
'www.indavideo.hu' => '/player/video/',
'www.liveleak.com' => '/ll_embed',
'prezi.com' => '/embed/',
'cdnapi.kaltura.com' => '/index.php/',
'movies.yahoo.com' => '/video/',
'video.rjcdn.com' => '/embed/',
'flashservice.xvideos.com' => '/embedframe/',
'cms.springboardplatform.com' => '/embed_iframe/',
'tv2.hu' => '/neoplayer/',
'player.cinchcast.com' => '/',
'www.scribd.com' => '/embeds/',
'www.collegehumor.com' => '/e/',
'snagplayer.video.dp.discovery.com' => '/',
'media.mtvnservices.com' => '/embed/',
'www.ustream.tv' => '/embed/',
'www.facebook.com' => '/video/embed',
'www.google.hu' => '/maps',
'widgets.ign.com' => '/video/embed/',
'videa.hu' => '/player',
'www.nbc.com' => '/assets/video/',
'bandcamp.com' => '/EmbeddedPlayer/',
'www.funnyordie.com' => '/embed/',
'screen.yahoo.com' => '/',
'hub.video.msn.com' => '/embed/',
'bcove.me' => '/',
'uk.movies.yahoo.com' => '/video/',
);
Takika: Thank you, I did it too, but with fewer sites :) This array is great and useful, thanks a lot!
Thanks for the list. This will certainly be useful!
Hello!
We have a ~huge video site called Indavideo (http://www.indavideo.hu). You can add this site in a very simple way:
protected $allowed_iframes = array( ... 'indavideo.hu' => '/player/video', 'embed.indavideo.hu' => '/player/video' ... );
It works only with http and it doesn't work with https, so I would like to ask: Why do you force https inside the plugin?