40 lines
1.2 KiB
Ruby
40 lines
1.2 KiB
Ruby
require 'oembed'
|
|
require 'uri'
|
|
|
|
#
|
|
# SECURITY NOTICE! CROSS-SITE SCRIPTING!
|
|
# these endpoints may inject html code into our page
|
|
# note that 'trusted_endpoint_url' is the only information
|
|
# in OEmbed that we can trust. anything else may be spoofed!
|
|
|
|
OEmbedCubbies = OEmbed::Provider.new("http://cubbi.es/oembed")
|
|
|
|
OEmbedDailyMotion = OEmbed::Provider.new("http://www.dailymotion.com/services/oembed")
|
|
OEmbedDailyMotion << "http://www.dailymotion.com/video/*"
|
|
|
|
OEmbedTwitter = OEmbed::Provider.new("https://api.twitter.com/1/statuses/oembed.json")
|
|
OEmbedTwitter << "http://twitter.com/*/status/*"
|
|
OEmbedTwitter << "https://twitter.com/*/status/*"
|
|
|
|
# patch in support for new https soundcloud
|
|
OEmbed::Providers::SoundCloud << "https://*.soundcloud.com/*"
|
|
|
|
oembed_provider_list = [
|
|
OEmbed::Providers::Youtube,
|
|
OEmbed::Providers::Vimeo,
|
|
OEmbed::Providers::SoundCloud,
|
|
OEmbed::Providers::Instagram,
|
|
OEmbed::Providers::Flickr,
|
|
OEmbedCubbies,
|
|
OEmbedDailyMotion,
|
|
OEmbedTwitter
|
|
]
|
|
|
|
SECURE_ENDPOINTS = oembed_provider_list.map do |provider|
|
|
OEmbed::Providers.register(provider)
|
|
provider.endpoint
|
|
end
|
|
|
|
OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery)
|
|
|
|
TRUSTED_OEMBED_PROVIDERS = OEmbed::Providers
|