From 9b89c62d438acc48caa6cdf939ced90a75a86c5b Mon Sep 17 00:00:00 2001 From: ThibG Date: Sat, 10 Nov 2018 20:42:04 +0100 Subject: Check that twitter:player is valid before using it (#9254) Fixes #9251 --- app/services/fetch_link_card_service.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'app/services') diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index 3e77579bb..38c578de2 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -136,14 +136,15 @@ class FetchLinkCardService < BaseService detector = CharlockHolmes::EncodingDetector.new detector.strip_tags = true - guess = detector.detect(@html, @html_charset) - page = Nokogiri::HTML(@html, nil, guess&.fetch(:encoding, nil)) + guess = detector.detect(@html, @html_charset) + page = Nokogiri::HTML(@html, nil, guess&.fetch(:encoding, nil)) + player_url = meta_property(page, 'twitter:player') - if meta_property(page, 'twitter:player') + if player_url && !bad_url?(Addressable::URI.parse(player_url)) @card.type = :video @card.width = meta_property(page, 'twitter:player:width') || 0 @card.height = meta_property(page, 'twitter:player:height') || 0 - @card.html = content_tag(:iframe, nil, src: meta_property(page, 'twitter:player'), + @card.html = content_tag(:iframe, nil, src: player_url, width: @card.width, height: @card.height, allowtransparency: 'true', -- cgit