Chris Blizzard: Admins for the various planets should probably update their feedparser versions to pick up this fix to get ready for the new video-enabled world.
I’d love to have a way to either either allow selected <object>
or <embed>
tags, or to outright convert them to <audio>
or <video>
. Unfortunately, at the moment, all planet post-processing and filtering is post-feed parsing, which is where the sanitization logic currently sits. A while back, I started to experiment with yet another refactoring, but haven’t devoted enough time to see that through.
Bug 463955 - Planet Mozilla should strip autoplay attribute from <video> element
I’d love to have a way to either either allow selected
<object>
or<embed>
tags, or to outright convert them to<audio>
or<video>
.
Actually, the converse would be more interesting. A javascript which converted <audio>
or <video>
elements to the corresponding <object>
+ <embed>
elements for legacy browsers.
If one could reliably convert <object>
(in all its multifarious permutations) to one of the “safe” HTML5 alternatives, one could presumably just spit out a safe (sanitized) version of <object>
. That would take care of handling other peoples' <object>
tags.
I don’t know how to do that. But, then, I didn’t know how to sanitize CSS before you taught me.
For one’s own content, it makes more sense to emit <video>
, and have the recipient (using scripting) turn it into something more useful.