Page 3 of 4

Re: Flash content not showing

Posted: 19 Mar 2013, 15:13
by fox
No way I'm going to parse CSS declarations and in general try to replicate htmLawed terribleness in tt-rss. It's supposed to be a very simple and small filter.

Re: Flash content not showing

Posted: 19 Mar 2013, 15:15
by phz
fox wrote:Yep. This could lead to easy layout breaking. I'll add the noted tags, thanks for posting the list.

Edit: I like how I have no idea the hell most of this tags do.

An obvious "doh!" moment if you copy-pasted my list from the code listing:

Code: Select all

      'h1–h6',

should be

Code: Select all

      'h1',
      'h2',
      'h3',
      'h4',
      'h5',
      'h6',

I was a a bit too happy with my search-and-replace command that generated the code from the previous tag lists :-D .

Re: Flash content not showing

Posted: 19 Mar 2013, 15:17
by fox
Yes that and double iframe there, which got pointed by someone on github.

Re: Flash content not showing

Posted: 19 Mar 2013, 15:20
by fox
On the subject of CSS; STYLE="background-image: expression(alert('Is_XSS_HERE?))"> etc etc

Re: Flash content not showing

Posted: 19 Mar 2013, 15:46
by dxbi
Alright. You win :)

Re: Flash content not showing

Posted: 19 Mar 2013, 21:28
by Cwiiis
With current git, I get black rectangles where videos should be on this feed: http://www.polygon.com/rss/index.xml - expected?

Re: Flash content not showing

Posted: 19 Mar 2013, 21:43
by Cwiiis
Also with current git, the most recent article on http://what-if.xkcd.com/feed.atom shows no content - but it does show content on the last release I tried (1.7.2). I mention it here as it sounds like maybe the safe/unsafe element code might have been something that could have caused things like this (sorry if I'm totally off-base).

Re: Flash content not showing

Posted: 19 Mar 2013, 21:54
by fox
Yeah sandboxed iframes don't work with flash player, on the other hand having unsandboxed iframes is a huge risk. html5 video now works properly, and embed/objects should too, supposedly.

Re: Flash content not showing

Posted: 19 Mar 2013, 21:57
by fox
Cwiiis wrote:Also with current git, the most recent article on http://what-if.xkcd.com/feed.atom shows no content - but it does show content on the last release I tried (1.7.2). I mention it here as it sounds like maybe the safe/unsafe element code might have been something that could have caused things like this (sorry if I'm totally off-base).


They put everything inside an <article> tag which is apparently some html5 thingamabob. I'll add it to the exclusion list, thanks.

Re: Flash content not showing

Posted: 20 Mar 2013, 22:18
by fox
Apparently it's supposed to be safe to enable scripts in a sandboxed iframe, which makes the videos playable for me in firefox. So, yay.

https://github.com/gothfox/Tiny-Tiny-RS ... 83f319b4ed

Re: Flash content not showing

Posted: 21 Mar 2013, 16:43
by fox
This sandboxed iframe thing is pretty cool. I made a simple plugin to toggle embedding full article content within tt-rss. It scroll like shit (predictably), but it works.

2013-03-21_16-40-26.png
2013-03-21_16-40-26.png (303.49 KiB) Viewed 3090 times

Re: Flash content not showing

Posted: 21 Mar 2013, 16:50
by skeptix
I have always wanted to use my rss reader as a way to read PDF. Is it conceivable to have a plugin that would open and embed a pdf (the link to the pdf could be the link of the article in the rss feed) the same way you displayed the website with your plugin?

Re: Flash content not showing

Posted: 21 Mar 2013, 16:56
by fox
Yeah, you can probably use PDF.js for that. Or something. It is entirely possible.

Re: Flash content not showing

Posted: 21 Mar 2013, 20:12
by skeptix
fox wrote:Yeah, you can probably use PDF.js for that. Or something. It is entirely possible.

Thanks, it works automagically on firefox! I tried pdf.js on chrome, but it seems to lack many features so it doesn't work properly. I am thinking about moving to firefox now.

Re: Flash content not showing

Posted: 28 Mar 2013, 14:29
by davide_c
hi all

I'm one of the users migrating from google reader... so far I'm very satisfied with tt-rss (i've been using it for a couple of weeks).
The only thing that still bugs me is not being able to see the comments correctly in the slashdot feed.
The comments are loaded in an iframe, and, as suggested some posts above, in lib/htmlLawed.php i commented out the 'iframe' tag in this line:

Code: Select all

    unset($e['applet'], $e['embed'], $e['iframe'], $e['object'], $e['script']);


The comments now show up, but the size is limited to a size of 300x150.
Clipboard01.jpg
Clipboard01.jpg (25.61 KiB) Viewed 2953 times


So my first thought was making a small plugin with a simple regexp that replaces '<iframe ' with '<iframe width="100%" ' or '<iframe width="600px%" '.
The plugin does work, I checked the article text directly inside the database, and the code is injected correctly. However it's still limited to the 300x150 size, and i don't know where it does inherit those properties.

any hints??

thanks
davide