diff --git a/core/modules/media/config/schema/media.schema.yml b/core/modules/media/config/schema/media.schema.yml
index f4b8a8c235..14b56df7a5 100644
--- a/core/modules/media/config/schema/media.schema.yml
+++ b/core/modules/media/config/schema/media.schema.yml
@@ -50,6 +50,9 @@ field.formatter.settings.oembed:
     max_height:
       type: integer
       label: 'Maximum height'
+    allowed_html_tags:
+      type: string
+      label: 'Allowed HTML tags'
 
 field.widget.settings.oembed_textfield:
   type: field.widget.settings.string_textfield
diff --git a/core/modules/media/src/OEmbed/Provider.php b/core/modules/media/src/OEmbed/Provider.php
index ddbae78564..f45997045d 100644
--- a/core/modules/media/src/OEmbed/Provider.php
+++ b/core/modules/media/src/OEmbed/Provider.php
@@ -2,8 +2,6 @@
 
 namespace Drupal\media\OEmbed;
 
-use Drupal\Component\Utility\UrlHelper;
-
 /**
  * Value object for oEmbed providers.
  */
diff --git a/core/modules/media/src/OEmbed/ResourceFetcher.php b/core/modules/media/src/OEmbed/ResourceFetcher.php
index c89ffa5b63..723c77971d 100644
--- a/core/modules/media/src/OEmbed/ResourceFetcher.php
+++ b/core/modules/media/src/OEmbed/ResourceFetcher.php
@@ -5,7 +5,6 @@
 use Drupal\Component\Serialization\Json;
 use Drupal\Core\Cache\CacheBackendInterface;
 use Drupal\Core\Cache\UseCacheBackendTrait;
-use Drupal\Core\Url;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 
diff --git a/core/modules/media/src/Plugin/Field/FieldFormatter/OEmbedFormatter.php b/core/modules/media/src/Plugin/Field/FieldFormatter/OEmbedFormatter.php
index d92fa1475a..8f8f0a26df 100644
--- a/core/modules/media/src/Plugin/Field/FieldFormatter/OEmbedFormatter.php
+++ b/core/modules/media/src/Plugin/Field/FieldFormatter/OEmbedFormatter.php
@@ -2,12 +2,12 @@
 
 namespace Drupal\media\Plugin\Field\FieldFormatter;
 
+use Drupal\Component\Utility\Xss;
 use Drupal\Core\Field\FieldDefinitionInterface;
 use Drupal\Core\Field\FieldItemListInterface;
 use Drupal\Core\Field\FormatterBase;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Logger\LoggerChannelFactoryInterface;
-use Drupal\Core\Messenger\MessengerInterface;
 use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
 use Drupal\Core\Url;
 use Drupal\media\OEmbed\OEmbedManagerInterface;
@@ -25,7 +25,7 @@
  *     "link",
  *     "string",
  *     "string_long",
- *   }
+ *   },
  * )
  */
 class OEmbedFormatter extends FormatterBase implements ContainerFactoryPluginInterface {
@@ -72,7 +72,7 @@ class OEmbedFormatter extends FormatterBase implements ContainerFactoryPluginInt
    *   The resource fetcher service.
    * @param \Drupal\media\OEmbed\OEmbedManagerInterface $oembed_manager
    *   The oEmbed manager service.
-   * @param \Drupal\Core\Logger\LoggerChannelFactory $logger_factory
+   * @param \Drupal\Core\Logger\LoggerChannelFactoryInterface $logger_factory
    *   The logger service.
    */
   public function __construct($plugin_id, $plugin_definition, FieldDefinitionInterface $field_definition, array $settings, $label, $view_mode, array $third_party_settings, ResourceFetcherInterface $resource_fetcher, OEmbedManagerInterface $oembed_manager, LoggerChannelFactoryInterface $logger_factory) {
@@ -107,6 +107,7 @@ public static function defaultSettings() {
     return [
       'max_width' => 0,
       'max_height' => 0,
+      'allowed_html_tags' => '',
     ] + parent::defaultSettings();
   }
 
@@ -151,9 +152,11 @@ public function viewElements(FieldItemListInterface $items, $langcode) {
 
         case 'video':
         case 'rich':
+          $tags = explode(',', $this->getSetting('allowed_html_tags'));
+          $tags = array_map('trim', $tags);
           $element[$delta] = [
             '#type' => 'inline_template',
-            '#template' => (string) $resource['html'],
+            '#template' => Xss::filter((string) $resource['html'], array_merge($tags, Xss::getHtmlTagList())),
           ];
           break;
 
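Review bot: The filtered provider HTML is still assigned to `#template` of an `inline_template` element in the `video`/`rich` case, so the remote oEmbed response is compiled as a Twig template. `Xss::filter()` works on HTML tags and attributes and does not target Twig delimiters such as `{{ … }}` or `{% … %}` in text. Rendering the value as `#markup` with `#allowed_tags` should apply the same tag filter without parsing provider content as Twig. Separately, with the `''` default added in `defaultSettings()`, `explode(',', '')` yields `['']`, so an empty tag name is merged into the allow-list; dropping empty entries avoids that. `viewElements()` starts and ends outside this hunk.

```php
        case 'rich':
          // Drop empty entries so an unset setting contributes no tag names.
          $tags = array_filter(array_map('trim', explode(',', $this->getSetting('allowed_html_tags'))));
          $element[$delta] = [
            // Filtered markup, not a template: provider HTML is never compiled as Twig.
            '#markup' => (string) $resource['html'],
            '#allowed_tags' => array_merge($tags, Xss::getHtmlTagList()),
          ];
          break;
```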
@@ -189,6 +192,11 @@ public function settingsForm(array $form, FormStateInterface $form_state) {
         '#field_suffix' => $this->t('pixels'),
         '#min' => 0,
       ],
+      'allowed_html_tags' => [
+        '#type' => 'textfield',
+        '#title' => $this->t('Allowed HTML tags'),
+        '#default_value' => $this->getSetting('allowed_html_tags'),
+      ],
     ];
   }
 
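Review bot: The new `allowed_html_tags` textfield has neither a `#description` nor any validation, so the expected comma-separated format is undocumented. Any tag name, including `script`, can be saved and is later merged into the `Xss::filter()` allow-list in `viewElements()`. I would add `'#description' => $this->t('Comma-separated list of additional HTML tags allowed in the embedded markup.'),` and an `#element_validate` callback that rejects entries which are not plain tag names, ideally refusing `script` outright. `settingsForm()` begins outside this hunk.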
@@ -213,6 +221,11 @@ public function settingsSummary() {
         '%max_height' => $this->getSetting('max_height'),
       ]);
     }
+    if ($this->getSetting('allowed_html_tags')) {
+      $summary[] = $this->t('Allowed HTML tags: %tags', [
+        '%tags' => $this->getSetting('allowed_html_tags'),
+      ]);
+    }
     return $summary;
   }
 
diff --git a/core/modules/media/src/Plugin/media/Source/OEmbed.php b/core/modules/media/src/Plugin/media/Source/OEmbed.php
index ddad7a38df..1de80214bd 100644
--- a/core/modules/media/src/Plugin/media/Source/OEmbed.php
+++ b/core/modules/media/src/Plugin/media/Source/OEmbed.php
@@ -29,7 +29,7 @@
  *   description = @Translation("Use oEmbed URL for reusable media."),
  *   allowed_field_types = {"string"},
  *   default_thumbnail_filename = "no-thumbnail.png",
- *   deriver = "Drupal\media\Plugin\media\Source\OEmbedDeriver"
+ *   deriver = "Drupal\media\Plugin\media\Source\OEmbedDeriver",
  * )
  */
 class OEmbed extends MediaSourceBase implements OEmbedInterface {
@@ -315,6 +315,9 @@ public function getSourceFieldConstraints() {
   public function prepareViewDisplay(MediaTypeInterface $type, EntityViewDisplayInterface $display) {
     $display->setComponent($this->getSourceFieldDefinition($type)->getName(), [
       'type' => 'oembed',
+      'settings' => [
+        'allowed_html_tags' => $this->configuration['allowed_html_tags'],
+      ],
     ]);
   }
 
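Review bot: `$this->configuration['allowed_html_tags']` is read here, but the only place this commit sets that key is the derivative definition in OEmbedDeriver.php (`'allowed_html_tags' => 'iframe'`), which is plugin definition rather than plugin configuration. Unless `defaultConfiguration()`, which is not visible in this diff, supplies the key, this reads an undefined index and stores NULL in a formatter setting whose schema type is `string`. Reading `$this->pluginDefinition['allowed_html_tags']` with an empty-string fallback when the key is absent would match where the value is declared. That fallback would also cover the base `oembed` definition, which does not appear to set it.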
diff --git a/core/modules/media/src/Plugin/media/Source/OEmbedDeriver.php b/core/modules/media/src/Plugin/media/Source/OEmbedDeriver.php
index 00aa966b89..b3bf94e882 100644
--- a/core/modules/media/src/Plugin/media/Source/OEmbedDeriver.php
+++ b/core/modules/media/src/Plugin/media/Source/OEmbedDeriver.php
@@ -19,8 +19,8 @@ public function getDerivativeDefinitions($base_plugin_definition) {
         'label' => t('Remote video'),
         'description' => t('Use remote video URL for reusable media.'),
         'supported_providers' => ['YouTube', 'Vimeo'],
-        'settings' => [],
         'default_thumbnail_filename' => 'video.png',
+        'allowed_html_tags' => 'iframe',
       ] + $base_plugin_definition,
     ];
     return parent::getDerivativeDefinitions($base_plugin_definition);
