(embed) sandbox the iframe
[github/Chocobozzz/PeerTube.git] / server / controllers / services.ts
index 3ac78a5df7c0149e2d2de68d9f0ed2ff8a771bf3..1f82db9c40a7a7c6a71ddee1978251f391eb2b09 100644 (file)
@@ -1,6 +1,7 @@
 import * as express from 'express'
 import { CONFIG, EMBED_SIZE, PREVIEWS_SIZE } from '../initializers'
 import { asyncMiddleware, oembedValidator } from '../middlewares'
+import { accountsNameWithHostGetValidator } from '../middlewares/validators'
 import { VideoModel } from '../models/video/video'
 
 const servicesRouter = express.Router()
@@ -9,6 +10,10 @@ servicesRouter.use('/oembed',
   asyncMiddleware(oembedValidator),
   generateOEmbed
 )
+servicesRouter.use('/redirect/accounts/:accountName',
+  asyncMiddleware(accountsNameWithHostGetValidator),
+  redirectToAccountUrl
+)
 
 // ---------------------------------------------------------------------------
 
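Review bot: `servicesRouter.use('/redirect/accounts/:accountName', ...)` registers the handler for every HTTP method and for any path below that prefix, although the endpoint only ever answers with a redirect. Registering it as `servicesRouter.get('/redirect/accounts/:accountName', ...)` would limit it to the one request it is meant to serve. The `/oembed` route above it also uses `use`, so this follows the file's existing pattern, but a new redirect endpoint is a reasonable place to tighten it. A short comment above the route saying which client is expected to call it would help too, because the commit title only mentions the iframe sandbox.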
@@ -40,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr
     thumbnailUrl = undefined
   }
 
-  const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
+  const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
 
   const json: any = {
     type: 'video',
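Review bot: The `sandbox="allow-same-origin allow-scripts"` attribute added to the iframe markup carries no comment explaining the token choice, and this pair needs one. When the page that embeds the frame is served from the same origin as `embedUrl`, script inside a frame holding both tokens can reach its own frame element and remove the `sandbox` attribute, so the restriction is only effective for embeds on third-party sites. I would add above the line a comment such as `// sandbox: scripts + own origin are presumably what the player needs; forms, popups and top navigation stay blocked. Gives no isolation if embedder and embed share an origin.` It is also worth confirming that nothing in the embedded player opens a new window, since `allow-popups` is not granted. generateOEmbed starts and ends outside this hunk.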
@@ -62,3 +67,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr
 
   return res.json(json)
 }
+
+function redirectToAccountUrl (req: express.Request, res: express.Response, next: express.NextFunction) {
+  return res.redirect(res.locals.account.Actor.url)
+}
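Review bot: `res.redirect(res.locals.account.Actor.url)` sends the client to whatever URL is stored for the actor, and for an account hosted on another instance that value presumably originates from the remote server. Whether it is validated when the actor is stored is not visible here, so the handler should check the target before redirecting, for example `const target = new URL(res.locals.account.Actor.url)` followed by `if (target.protocol !== 'https:' && target.protocol !== 'http:') return res.sendStatus(400)`, with the `new URL` call guarded because it throws on a malformed value. `next` is never used and can be dropped from the signature. A one-line comment stating that the redirect may leave this instance would make the intent clear to the next reader.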