Check that twitter:player is valid before using it (#9254)

Fixes #9251
author: ThibG <thib@sitedethib.com> 2018-11-10 20:42:04 +0100
committer: Eugen Rochko <eugen@zeonfederated.com> 2018-11-10 20:42:04 +0100
commit: 9b89c62d438acc48caa6cdf939ced90a75a86c5b (patch)
tree: ef804667a4cb2b0abdee3e18187975af00bcb412
parent: 3cecf3e5b995f5035b17fd9572c17ba1ede9346b (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb
index 3e77579bb..38c578de2 100644
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@@ -136,14 +136,15 @@ class FetchLinkCardService < BaseService
     detector = CharlockHolmes::EncodingDetector.new
     detector.strip_tags = true
 
-    guess = detector.detect(@html, @html_charset)
-    page  = Nokogiri::HTML(@html, nil, guess&.fetch(:encoding, nil))
+    guess      = detector.detect(@html, @html_charset)
+    page       = Nokogiri::HTML(@html, nil, guess&.fetch(:encoding, nil))
+    player_url = meta_property(page, 'twitter:player')
 
-    if meta_property(page, 'twitter:player')
+    if player_url && !bad_url?(Addressable::URI.parse(player_url))
       @card.type   = :video
       @card.width  = meta_property(page, 'twitter:player:width') || 0
       @card.height = meta_property(page, 'twitter:player:height') || 0
-      @card.html   = content_tag(:iframe, nil, src: meta_property(page, 'twitter:player'),
+      @card.html   = content_tag(:iframe, nil, src: player_url,
                                                width: @card.width,
                                                height: @card.height,
                                                allowtransparency: 'true',
author	ThibG <thib@sitedethib.com>	2018-11-10 20:42:04 +0100
committer	Eugen Rochko <eugen@zeonfederated.com>	2018-11-10 20:42:04 +0100
commit	9b89c62d438acc48caa6cdf939ced90a75a86c5b (patch)
tree	ef804667a4cb2b0abdee3e18187975af00bcb412
parent	3cecf3e5b995f5035b17fd9572c17ba1ede9346b (diff)