This module provides support for adding Panopto video URLs to Video Embed Field.
Git clone url : git clone --branch 7.x-1.x https://git.drupal.org/project/video_embed_panopto.git
Project url : https://www.drupal.org/project/video_embed_panopto
Manual reviews of other projects
https://www.drupal.org/node/2884075#comment-12120468
https://www.drupal.org/node/2853833#comment-12120493
https://www.drupal.org/node/2881405#comment-12120533
https://www.drupal.org/node/2884075#comment-12120803
Comments
Comment #2
jadhavdevendra (as a volunteer) commented
Comment #3
jadhavdevendra (as a volunteer) commented
Comment #4
PA robot commented:
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #5
jadhavdevendra (as a volunteer) commented:
Can someone review and make it RTBC or needs work?
Comment #6
tatarbj
Let me start it and get back to you @jadhavdevendra in a few hours!
Cheers,
Balazs.
Comment #7
tatarbj
Hi @jadhavdevendra,
I've reviewed the module and found a security issue with the tpl file, where $width and $height are not sanitized and are open to XSS.
When you create a new video embed style and, under the Panopto video settings, use one of the text fields with this code snippet, the XSS issue occurs, and because of this the module is not safe to use.
"></iframe><script>alert('XSS')</script>
One possible solution could be to sanitize it before printing it out from a preprocess function, or even (that's a bit less nice) in the tpl file.
Currently the module also needs tests. That is definitely not a blocker issue, but for me personally it took time to get how it could work. I also had to manually modify the code to accept this URL from the Panopto site: https://demo.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=31b3bd0f-32... (basically the domain had to be added in video_embed_panopto_video_embed_handler_info(), as it should have been done in an info_alter()). I don't really know how big the use case for this can be, but an improvement could be to implement an admin interface where new domains can be added and will be handled here.
Also a hook_help() should be implemented to show the README.md's content on the website.
Let me know if you need more help from my side, but basically the first issue is a blocker for accepting the application.
Bests,
Balazs.
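The fix suggested in comment #7 (sanitize $width and $height before the template prints them), as an added example that is not the module's own code and not part of the reviewer's comment. The function names, the 640/360 defaults, the placeholder URL and the small render function standing in for the tpl file are all assumptions made for illustration.

```php
<?php
// Added example. All function names here are hypothetical, not the module's.

/**
 * Accepts only digits with an optional "%" or "px" suffix.
 * Anything else is replaced by the default, so markup cannot pass through.
 */
function example_panopto_clean_dimension($value, $default) {
  $value = trim((string) $value);
  if (preg_match('/^[0-9]{1,4}(%|px)?$/D', $value)) {
    return $value;
  }
  return $default;
}

/**
 * Preprocess-style function: cleans the variables before the template runs.
 * In Drupal 7 this logic would live in the module's preprocess hook.
 */
function example_panopto_preprocess_embed(array &$variables) {
  $variables['width'] = example_panopto_clean_dimension($variables['width'], '640');
  $variables['height'] = example_panopto_clean_dimension($variables['height'], '360');
}

/** Stand-in for the tpl file: prints the variables into iframe attributes. */
function example_panopto_render(array $variables) {
  return '<iframe src="' . htmlspecialchars($variables['url'], ENT_QUOTES, 'UTF-8')
    . '" width="' . $variables['width']
    . '" height="' . $variables['height'] . '"></iframe>';
}

// Constructed input: the width setting holds the snippet from the review.
$variables = array(
  'url' => 'https://example.com/Panopto/Pages/Embed.aspx?id=PLACEHOLDER',
  'width' => '"></iframe><script>alert(\'XSS\')</script>',
  'height' => '360',
);

// Before: the value closes the attribute and the iframe, then adds a script tag.
echo "Before: " . example_panopto_render($variables) . "\n";

// After: the invalid width is replaced by the default and stays an attribute value.
example_panopto_preprocess_embed($variables);
echo "After:  " . example_panopto_render($variables) . "\n";
```

Validating against the expected format is stricter than output encoding alone; where a free-form value must be printed, Drupal 7's check_plain() applies the same htmlspecialchars() encoding used for the URL here.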
Comment #8
jadhavdevendra (as a volunteer) commented:
@tatarbj I really appreciate you taking time out and helping reviewing the module.
Comment #9
tatarbj
Hi @jadhavdevendra,
Thanks for implementing the required changes. I've checked it and tested the module again, and I think we are good to go!
Nice work!
Bests,
Balazs.
Comment #10
apaderno
Thank you for your contribution!
I am going to update your account so you can opt into security advisory coverage now.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the dedicated reviewers as well.
Comment #11
apaderno