Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
C
Coopdevs OCB mirror
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
External wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Coopdevs
Odoo
Coopdevs OCB mirror
Commits
74532a08
Commit
74532a08
authored
3 years ago
by
qsm-odoo
Browse files
Options
Downloads
Patches
Plain Diff
[FIX] website: fix video loading
task-2376327
parent
c1d6d4a1
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
addons/website/static/src/js/content/snippets.animation.js
+18
-3
18 additions, 3 deletions
addons/website/static/src/js/content/snippets.animation.js
with
18 additions
and
3 deletions
addons/website/static/src/js/content/snippets.animation.js
+
18
−
3
View file @
74532a08
...
...
@@ -608,7 +608,10 @@ registry.mediaVideo = publicWidget.Widget.extend({
var
def
=
this
.
_super
.
apply
(
this
,
arguments
);
if
(
this
.
$target
.
children
(
'
iframe
'
).
length
)
{
// There already is an <iframe/>, do nothing
// There already is an <iframe/>, do nothing. This is the normal
// case. The whole code that follows is only there to ensure
// compatibility with videos added before bug fixes or new Odoo
// versions where the <iframe/> element is properly saved.
return
def
;
}
...
...
@@ -626,11 +629,23 @@ registry.mediaVideo = publicWidget.Widget.extend({
// the src is saved in the 'data-src' attribute or the
// 'data-oe-expression' one (the latter is used as a workaround in 10.0
// system but should obviously be reviewed in master).
var
src
=
_
.
escape
(
this
.
$target
.
data
(
'
oe-expression
'
)
||
this
.
$target
.
data
(
'
src
'
));
// Validate the src to only accept supported domains we can trust
var
m
=
src
.
match
(
/^
(?:
https
?
:
)?\/\/([^/
?#
]
+
)
/
);
if
(
!
m
)
{
// Unsupported protocol or wrong URL format, don't inject iframe
return
def
;
}
var
domain
=
m
[
1
].
replace
(
/^www
\.
/
,
''
);
var
supportedDomains
=
[
'
youtu.be
'
,
'
youtube.com
'
,
'
youtube-nocookie.com
'
,
'
instagram.com
'
,
'
vine.co
'
,
'
player.vimeo.com
'
,
'
vimeo.com
'
,
'
dailymotion.com
'
,
'
player.youku.com
'
,
'
youku.com
'
];
if
(
!
_
.
contains
(
supportedDomains
,
domain
))
{
// Unsupported domain, don't inject iframe
return
def
;
}
this
.
$target
.
append
(
$
(
'
<iframe/>
'
,
{
src
:
_
.
escape
(
this
.
$target
.
data
(
'
oe-expression
'
)
||
this
.
$target
.
data
(
'
src
'
))
,
src
:
src
,
frameborder
:
'
0
'
,
allowfullscreen
:
'
allowfullscreen
'
,
sandbox
:
'
allow-scripts allow-same-origin
'
,
// https://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
}));
return
def
;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
