Planet stripping embedded videos and other items from republished posts

RESOLVED WONTFIX

Status

Websites
planet.mozilla.org
--
major
RESOLVED WONTFIX
10 years ago
9 years ago

People

(Reporter: dria, Assigned: asa)

Tracking

Details

I wrote a post today that included an embedded YouTube video that planet.mo stripped out before republishing.  Previously, I've had it strip digg buttons out of my posts.  

It would be great if it would stop doing that :)
(Assignee)

Comment 1

10 years ago
Ideally we'd do the right thing here for both the html and the feeds, making the video an embed in the html and an enclosure in the feeds. 
Up to you: acceptable_elements and acceptable_attributes in class _HTMLSanitizer in feedparser.py. Just be sure you understand why you feel that the dire warnings in http://www.feedparser.org/docs/html-sanitization.html don't apply to you (oh, and don't expect that including it in pmo's feed will mean that consumers of that feed will see it, since lots of readers use the same or a similar whitelist).
Based on comment #2, I recommend WONTFIX. We've had blogs hacked before.
(In reply to comment #3)
> Based on comment #2, I recommend WONTFIX. We've had blogs hacked before.
> 

I'm inclined to second that.  Best bet would be to suggest visiting the permalink, as that's what most blogs do.

If anything is enabled, perhaps we should whitelist <object/> and <embed/> only for certain url's.  YouTube, Google Video, and several of the more popular video providers.  That would cover most cases of use.
Depends on: 463955
Just use <video>. It works fine on planet.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.