Commit Graph

7 Commits

Author SHA1 Message Date
Cameron Hessler
04a11355a7 fix(extension-youtube) XSS risk with src tag
Fixes risks outline in #4600 by verifying that any src urls are valid
youtube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipualte the TipTap payload in a manner that bypasses the
youtube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
2023-11-20 18:48:22 +01:00
Justin Maier
4cd35d438c
Update regex to exclude channel URL unfurling (#3750) 2023-02-18 15:06:34 +01:00
Sven Adlung
8b854b67a4
refactor(extension-youtube): rename utility function name (#3498) 2022-12-07 00:45:51 +01:00
Dominik Biedebach
4841c05c72 fix(extension-youtube): set allowFullscreen to default 2022-11-04 17:21:52 +01:00
Luis Cateura
c1cf33c7bf
Feature/youtube parameters (#3307)
* Fixed allowFullscreen not working correctly. Added autoplay and progress bar color parameters

* Added cc language preference, cc load policy, disable keyboard controls, end time and interface language parameters

* Added enable IFrame API, iv load policy, loop, modest branding, origin and playlist parameters

* Updated the youtube extension documentation

Co-authored-by: luis.feliu <luis.feliu@mentormate.com>
2022-10-17 17:28:30 +02:00
Dominik Biedebach
ec595ff803 feat(extension/youtube): add paste handlers for youtube extension 2022-06-25 11:16:17 +02:00
Dominik
1c0554b7c0
feat(extension/youtube): new youtube embed extension (#2814)
* feat(extension/youtube):  new youtube embed extension

* fix(extension/youtube): remove wrong destroy call on undefined editor

* fix(extension/youtube): 🐛 fix youtu.be share urls not being recognized correctly

* style: remove stray console.log

* style: remove empty line

* docs(docs): update youtube docs

* Capitalize tiptap

* Capitalize Tiptap

* style(extension/youtube): ✏️ change youtube typing

Co-authored-by: Markus Krause <markus.krause@ueber.io>
2022-06-17 05:29:48 +02:00