Browse Source
PostEmbed の安全性強化(#130) (#263)
#130 #130 #130 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: https://git.miteruzo.com/miteruzo/btrc-hub/pulls/263main
1 changed files with 23 additions and 5 deletions
Unified View
Diff Options
+ 23
- 5
frontend/src/components/PostEmbed.tsx
View File
| @@ -18,17 +18,35 @@ export default (({ post }: Props) => { | |||||
| { | { | ||||
| case 'nicovideo.jp': | case 'nicovideo.jp': | ||||
| { | { | ||||
| const [videoId] = url.pathname.match (/(?<=\/watch\/)[a-zA-Z0-9]+?(?=\/|$)/)! | |||||
| const mVideoId = url.pathname.match (/(?<=\/watch\/)[a-zA-Z0-9]+?(?=\/|$)/) | |||||
| if (!(mVideoId)) | |||||
| break | |||||
| const [videoId] = mVideoId | |||||
| return <NicoViewer id={videoId} width={640} height={360}/> | return <NicoViewer id={videoId} width={640} height={360}/> | ||||
| } | } | ||||
| case 'twitter.com': | case 'twitter.com': | ||||
| case 'x.com': | case 'x.com': | ||||
| const [userId] = url.pathname.match (/(?<=\/)[^\/]+?(?=\/|$|\?)/)! | |||||
| const [statusId] = url.pathname.match (/(?<=\/status\/)\d+?(?=\/|$|\?)/)! | |||||
| return <TwitterEmbed userId={userId} statusId={statusId}/> | |||||
| { | |||||
| const mUserId = url.pathname.match (/(?<=\/)[^\/]+?(?=\/|$|\?)/) | |||||
| const mStatusId = url.pathname.match (/(?<=\/status\/)\d+?(?=\/|$|\?)/) | |||||
| if (!(mUserId) || !(mStatusId)) | |||||
| break | |||||
| const [userId] = mUserId | |||||
| const [statusId] = mStatusId | |||||
| return <TwitterEmbed userId={userId} statusId={statusId}/> | |||||
| } | |||||
| case 'youtube.com': | case 'youtube.com': | ||||
| { | { | ||||
| const videoId = url.searchParams.get ('v')! | |||||
| const videoId = url.searchParams.get ('v') | |||||
| if (!(videoId)) | |||||
| break | |||||
| return ( | return ( | ||||
| <YoutubeEmbed videoId={videoId} opts={{ playerVars: { | <YoutubeEmbed videoId={videoId} opts={{ playerVars: { | ||||
| playsinline: 1, | playsinline: 1, | ||||