[p2pu-dev] Google's Dart

zuzel.vp zuzel.vp at gmail.com
Wed Oct 12 00:42:42 UTC 2011 

The difference is that embedly take care of all the logic for
retrieving information about URLs, traversing html, making API calls
to hundreds of providers, processing RSS feeds, ***checking the URLs
against malware lists***, and validating all the information. URLs
that are not acepted by embedly just become links on p2pu not iframes.

I have already expresed my conserns againts the risks of freely
allowing iframes when we did this on the drupal site (can search for
that thread in our archive if someone is intersted). I think the
easiest solution is to extend the current embed.ly support to allow
different display sizes.

The django filter we are using to replace [embed:url] by the html
provided by embedly can be extended to parse [embed:url|400px]
width="300px" fragments of the html provided by embed.ly. Pull
requests are welcome. As jledbetter said, we have more hight priority
stuff going on but the concern about the embeds wdith is something
that has being mentioned before (currently 300px because it was the
simpler solution to make it fit both in comments and task pages). If
someone have not done it by the time we get to that todo I could
implement something like that.

-- 
Thanks,
    Zuzel

On Tue, Oct 11, 2011 at 4:11 PM, Dan Diebolt <dandiebolt at gmail.com> wrote:
> Do you realize that you currently CAN embed a <iframe>s using the embed.ly
> embed code? It is broken only in the sense that it doesn't display properly
> - the attack surface is no larger or smaller because the visual display of
> the <iframe> is broken. So whatever attack surface you imagine the <iframe>
> to have, you aren't disallow any <iframe>'s.
> So in a nutshell what I am hearing is this: we don't want to fix the current
> embed.ly display problem because we think <iframe>'s are naughty but we are
> just going to ignore the issue and allow users to embed <iframe>'s via
> embed.ly. That doesn't make any sense.
> _______________________________________________
> p2pu-dev mailing list
> p2pu-dev at lists.p2pu.org
> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>
>

More information about the p2pu-dev mailing list