Mercurialdw-free / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
cgi-bin/DW/Hooks/EmbedWhitelist.pm
author fu
Thu Feb 23 02:21:54 2012 +0800
changeset 4315 34b3c4ba3afb
parent 3716 e5aed810efb8
permissions -rw-r--r--
http://bugs.dwscoalition.org/show_bug.cgi?id=3859

Tweak for grammar / clarity / wording.

Patch by fu. 
     1 #!/usr/bin/perl

     2 #

     3 # This code was based on code originally created by the LiveJournal project

     4 # owned and operated by Live Journal, Inc. The code has been modified and expanded

     5 # by Dreamwidth Studios, LLC. These files were originally licensed under

     6 # the terms of the license supplied by Live Journal, Inc, which can

     7 # currently be found at:

     8 #

     9 # http://code.livejournal.org/trac/livejournal/browser/trunk/LICENSE-LiveJournal.txt

    10 #

    11 # In accordance with the original license, this code and all its

    12 # modifications are provided under the GNU General Public License.

    13 # A copy of that license can be found in the LICENSE file included as

    14 # part of this distribution.

    15 #

    16 #

    17 # DW::Hooks::EmbedWhitelist

    18 #

    19 # Keep a whitelist of trusted sites which we trust for certain kinds of embeds

    20 #

    21 # Authors:

    22 #      Afuna <coder.dw@afunamatata.com>

    23 #

    24 # Copyright (c) 2011 by Dreamwidth Studios, LLC.

    25 

    26 package DW::Hooks::EmbedWhitelist;

    27 

    28 use strict;

    29 use LJ::Hooks;

    30 use URI;

    31 

    32 # for internal use only

    33 # this is used when sites may offer embeds from multiple subdomain

    34 # e.g., www, www1, etc

    35 sub match_subdomain {

    36     my $want_domain = $_[0];

    37     my $domain_from_uri = $_[1];

    38 

    39     return $domain_from_uri =~ /^(?:[\w.-]*\.)?\Q$want_domain\E$/;

    40 }

    41 

    42 sub match_full_path {

    43     my $want_path = $_[0];

    44     my $path_from_uri = $_[1];

    45 

    46     return $path_from_uri =~ /^$want_path$/;

    47 }

    48 

    49 my %host_path_match = (

    50     "bandcamp.com"          => qr!^/EmbeddedPlayer/!,

    51     "blip.tv"               => qr!^/play/!,

    52 

    53     "www.dailymotion.com"   => qr!^/embed/video/!,

    54     "dotsub.com"            => qr!^/media/!,

    55 

    56     "maps.google.com"       => qr!^/maps!,

    57     "ext.nicovideo.jp"      => qr!^/thumb/!,

    58 

    59     "www.sbs.com.au"         => qr!/player/embed/!,  # best guess; language parameter before /player may vary

    60     "www.scribd.com"        => qr!^/embeds/!,

    61     "www.slideshare.net"    => qr!^/slideshow/embed_code/!,

    62 

    63     "player.vimeo.com"      => qr!^/video/\d+$!,

    64 );

    65 

    66 LJ::Hooks::register_hook( 'allow_iframe_embeds', sub {

    67     my ( $embed_url, %opts ) = @_;

    68 

    69     return 0 unless $embed_url;

    70 

    71     my $parsed_uri = URI->new( $embed_url );

    72 

    73     my $uri_scheme = $parsed_uri->scheme;

    74     return 0 unless $uri_scheme eq "http" || $uri_scheme eq "https";

    75 

    76     my $uri_host = $parsed_uri->host;

    77     my $uri_path = $parsed_uri->path;   # not including query

    78 

    79     my $path_regex = $host_path_match{$uri_host};

    80     return 1 if $path_regex && ( $uri_path =~ $path_regex );

    81 

    82     ## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html)

    83     if ( match_subdomain( "youtube.com", $uri_host ) || match_subdomain( "youtube-nocookie.com", $uri_host ) ) {

    84         return 1 if match_full_path( qr!/embed/[-_a-zA-Z0-9]{11,}!, $uri_path );

    85     }

    86 

    87     if ( $uri_host eq "commons.wikimedia.org" ) {

    88         return 1 if $uri_path =~ m!^/wiki/File:! && $parsed_uri->query =~ m/embedplayer=yes/;

    89     }

    90 

    91     return 0;

    92 

    93 } );

    94 

    95 1;
dw-free