1
0
Fork 0
forked from fedi/mastodon

Check that twitter:player is valid before using it (#9254)

Fixes #9251
This commit is contained in:
ThibG 2018-11-10 20:42:04 +01:00 committed by Eugen Rochko
parent 3cecf3e5b9
commit 9b89c62d43

View file

@ -138,12 +138,13 @@ class FetchLinkCardService < BaseService
guess = detector.detect(@html, @html_charset)
page = Nokogiri::HTML(@html, nil, guess&.fetch(:encoding, nil))
player_url = meta_property(page, 'twitter:player')
if meta_property(page, 'twitter:player')
if player_url && !bad_url?(Addressable::URI.parse(player_url))
@card.type = :video
@card.width = meta_property(page, 'twitter:player:width') || 0
@card.height = meta_property(page, 'twitter:player:height') || 0
@card.html = content_tag(:iframe, nil, src: meta_property(page, 'twitter:player'),
@card.html = content_tag(:iframe, nil, src: player_url,
width: @card.width,
height: @card.height,
allowtransparency: 'true',