aboutsummaryrefslogtreecommitdiffhomepage
path: root/reader/sanitizer/sanitizer.go
diff options
context:
space:
mode:
Diffstat (limited to 'reader/sanitizer/sanitizer.go')
-rw-r--r--reader/sanitizer/sanitizer.go23
1 files changed, 21 insertions, 2 deletions
diff --git a/reader/sanitizer/sanitizer.go b/reader/sanitizer/sanitizer.go
index d1ad13e..2853911 100644
--- a/reader/sanitizer/sanitizer.go
+++ b/reader/sanitizer/sanitizer.go
@@ -8,6 +8,7 @@ import (
"bytes"
"fmt"
"io"
+ "regexp"
"strings"
"github.com/miniflux/miniflux/url"
@@ -15,6 +16,10 @@ import (
"golang.org/x/net/html"
)
+var (
+ youtubeEmbedRegex = regexp.MustCompile(`http[s]?://www\.youtube\.com/embed/(.*)`)
+)
+
// Sanitize returns safe HTML.
func Sanitize(baseURL, input string) string {
tokenizer := html.NewTokenizer(bytes.NewBufferString(input))
@@ -85,8 +90,12 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([
}
if isExternalResourceAttribute(attribute.Key) {
- if tagName == "iframe" && !isValidIframeSource(attribute.Val) {
- continue
+ if tagName == "iframe" {
+ if isValidIframeSource(attribute.Val) {
+ value = rewriteIframeURL(attribute.Val)
+ } else {
+ continue
+ }
} else {
value, err = url.AbsoluteURL(baseURL, value)
if err != nil {
@@ -274,6 +283,7 @@ func isValidIframeSource(src string) bool {
whitelist := []string{
"http://www.youtube.com",
"https://www.youtube.com",
+ "https://www.youtube-nocookie.com",
"http://player.vimeo.com",
"https://player.vimeo.com",
"http://www.dailymotion.com",
@@ -365,3 +375,12 @@ func inList(needle string, haystack []string) bool {
return false
}
+
+func rewriteIframeURL(link string) string {
+ matches := youtubeEmbedRegex.FindStringSubmatch(link)
+ if len(matches) == 2 {
+ return `https://www.youtube-nocookie.com/embed/` + matches[1]
+ }
+
+ return link
+}