iframely finds new ways to suck
-
@boomzilla said in Tales from Coronavee-rooss Italy, mamma mia!:
Check out where those “Joshua Berlinger” and “Laura Smith-Spark” links in the header go.
-
@kazitor said in iframely finds new ways to suck:
Check out where those “Joshua Berlinger” and “Laura Smith-Spark” links in the header go.
Spoiler alert:
/profiles/joshua-berlinger
and/profiles/laura-smith-spark
respectively.Straight out from this bit in the original page's source:
<meta data-rh="true" property="og:author" content="By <a href="/profiles/joshua-berlinger">Joshua Berlinger</a>, Adam Renton and <a href="/profiles/laura-smith-spark">Laura Smith-Spark</a>, CNN">
https://stackoverflow.com/a/9858694 says:
Documentation have nothing about it, but relative URLs will not work, only full URL including scheme works.
In 2012 in old Facebook bug tracker this bug was closed stating this is "by design"
-
So, CNN finds new ways to suck? Some would say that’s ASDESIGNED WONTFIX…
-
@kazitor For what it's worth, I think Facebook's "by design" and iframely's decision to respect that are both a higher level of stupid.
-
@Zecc said in iframely finds new ways to suck:
@kazitor For what it's worth, I think Facebook's "by design" and iframely's decision to respect that are both a higher level of stupid.
I mean what can they really do
- the site has garbage
- we sanitize the garbage
- it is now sane garbage
-
@ben_lubar You can make the link not relative, if you know where it came from.
-
@Zecc agreed - what's wrong with relative URLs? It makes it much easier to move a site (to a new domain or directory), and you can't possibly link to dangerous off-site material with one.
And sure you can write some script to make a link absolute if you know the servlet path (or your language's equivalent of that term) of the current request. But why should you have to do that?
-
@bobjanova There is
<base href>
, but that would require an iframe wrapper. IIRC, you can use iframes as html-level sandboxes nowadays? I'd expect<base href>
scopes to those. to test.
-
@ben_lubar said in iframely finds new ways to suck:
it is now
sanesanitised garbageDespite the same root, they're not the same thing. What we do is polish
-
@PleegWat said in iframely finds new ways to suck:
that would require an iframe wrapper.
I'm slightly concerned that these embeds aren't iframes.
-
@Zecc said in iframely finds new ways to suck:
@PleegWat said in iframely finds new ways to suck:
that would require an iframe wrapper.
I'm slightly concerned that these embeds aren't iframes.
Especially since the plugin itself is called iframely.
-
@kazitor said in iframely finds new ways to suck:
Check out where those “Joshua Berlinger” and “Laura Smith-Spark” links in the header go.
It just means we have reserved profiles for them. They should be honored.
-
@dkf said in iframely finds new ways to suck:
@ben_lubar said in iframely finds new ways to suck:
it is now
sanesanitised garbageDespite the same root, they're not the same thing. What we do is polish
Looks like English to me
-
@PleegWat said in iframely finds new ways to suck:
that would require an iframe wrapper
to securely mediate? Or no, those are regular frames, aren't they? Never mind.