YouTube embeds have their url swapped for non-admins.

I've been getting an influx of reports that when some one tries to embed a video on their profile (using the HTML editor I enabled), their HTML code is swapped upon save of their profile information to youtube-nocookie.com/embed/VIDEO?rel=0 when the intended outcome should be youtube.com/embed/VIDEO?autoplay=1

What filter is causing this on UNA v14.x?

As an admin/moderator, this does not impact us.

  • 1391
  • More
Replies (4)
    • Found the problem located in: inc/classes/BxDolHTMLPurifierFilterYouTube.php

      It's hard coded to remove user defined parameters within the iframe code, even if a user added ?rel=0&autoplay=1 to the iframe code, this purifier strips everything and just forces ?rel=0

      • Can you provide the code you used to fix @LoneTreeLeaf ?

        Thank you ahead of time 😊

        • My 'fix' is very sloppy until I can get a better understanding of how this purifier works.

          All my users needed is a way to embed YouTube videos on their profiles for autoplaying music for their visitors.

          So on line 20, I changed it to:

          $html = str_replace($result[0][$key], '$width . '" height="' . $height . '" src="' . $sProto . '://www.youtube.com/embed/' . $id . '?rel=0&autoplay=1">', $html);
          

          Stripping the -nocookie from the domain name and just adding in &autoplay=1, this way no matter what the user inputs, it will always autoplay the video as desired by the populous of my site. It also eases the pain of them having to remember to add the &autoplay=1 to their HTML code as not many are proficient in even HTML coding, understandably.

          So this sloppy edit of mine just requires the end-user to paste in the embed code they fetch from YouTube, paste it into their bio (using the HTML editor button of course), and away they go. No fuss, only if they wish to edit the width and height values.

          • To that end, I'm not sure what benefits or cons using the "-nocookie" variant of the YouTube services have. I was (at the time of this topic posts creation date) "Today Years Old" that I realized it was even a thing.

            I did some very light studying on nocookie domains, and from the little research I did, it can have a possibility to save on bandwidth. So edit this file with care in terms of its final domain output, adding the &autoplay=1 should still work with the -nocookie domain.

            Since the UNA devs decided to force this -nocookie domain in their code, they might have a better insight into why they decided upon it. @LeonidS @Alex T⚜️ @Anton L any insight?

            Login or Join to comment.