From d7f6a0a30e26c8d08a55febdbf9ae868c36f71cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois?= Date: Tue, 19 Dec 2023 11:46:17 +0100 Subject: [PATCH] XSS fix: use tarteaucitron.getElemAttr intead of getAttribute everywhere it's possible --- tarteaucitron.services.js | 418 +++++++++++++++++++------------------- 1 file changed, 209 insertions(+), 209 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index ee528510..b36c6afa 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -13,7 +13,7 @@ tarteaucitron.services.iframe = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_iframe'], function (x) { - var frame_title = (tarteaucitron.getElemAttr(x,"title")) ? tarteaucitron.fixSelfXSS(tarteaucitron.getElemAttr(x,"title")) : '', + var frame_title = (tarteaucitron.getElemAttr(x,"title")) ? tarteaucitron.getElemAttr(x,"title") : '', width = tarteaucitron.getElemAttr(x,"width"), height = tarteaucitron.getElemAttr(x,"height"), allowfullscreen = tarteaucitron.getElemAttr(x,"allowfullscreen"), @@ -102,10 +102,10 @@ tarteaucitron.services.twitch = { "js": function () { "use strict"; tarteaucitron.fallback(['twitch_player'], function (x) { - var id = x.getAttribute('videoID'), - parent = x.getAttribute('parent'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var id = tarteaucitron.getElemAttr(x, 'videoID'), + parent = tarteaucitron.getElemAttr(x, 'parent'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); var embedURL = "https://player.twitch.tv/?video=" + id + "&parent=" + parent; return ""; }); @@ -603,7 +603,7 @@ tarteaucitron.services.kwanko = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_kwanko'], function (x) { - var mclic = x.getAttribute("data-mclic"); + var mclic = tarteaucitron.getElemAttr(x, "data-mclic"); return ''; }); @@ -815,11 +815,11 @@ tarteaucitron.services.videas = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_videas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Videas iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - id = x.getAttribute("data-id"), - allowfullscreen = x.getAttribute("allowfullscreen"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Videas iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + id = tarteaucitron.getElemAttr(x, "data-id"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return ''; }); @@ -1202,7 +1202,7 @@ tarteaucitron.services.xandrsegment = { tarteaucitron.fallback(['xandrsegment-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -1244,7 +1244,7 @@ tarteaucitron.services.xandrconversion = { tarteaucitron.fallback(['xandrconversion-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -1277,11 +1277,11 @@ tarteaucitron.services.helloasso = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_helloasso'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'HelloAsso iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - url = x.getAttribute("data-url"), - allowfullscreen = x.getAttribute("allowfullscreen"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'HelloAsso iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + url = tarteaucitron.getElemAttr(x, "data-url"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return ''; }); @@ -1308,11 +1308,11 @@ tarteaucitron.services.podcloud = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_podcloud'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'podCloud iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - url = x.getAttribute("data-url"), - allowfullscreen = x.getAttribute("allowfullscreen"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'podCloud iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + url = tarteaucitron.getElemAttr(x, "data-url"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return ''; }); @@ -1339,13 +1339,13 @@ tarteaucitron.services.facebookpost = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_facebookpost'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Facebook iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - url = x.getAttribute("data-url"), - appId = x.getAttribute("data-appid"), - allowfullscreen = x.getAttribute("allowfullscreen"), - showText = x.getAttribute("data-show-text"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Facebook iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + url = tarteaucitron.getElemAttr(x, "data-url"), + appId = tarteaucitron.getElemAttr(x, "data-appid"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"), + showText = tarteaucitron.getElemAttr(x, "data-show-text"); return ''; }); @@ -1753,9 +1753,9 @@ tarteaucitron.services.amazon = { "js": function () { "use strict"; tarteaucitron.fallback(['amazon_product'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Amazon iframe'), - amazonId = x.getAttribute("amazonid"), - productId = x.getAttribute("productid"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Amazon iframe', + amazonId = tarteaucitron.getElemAttr(x, "amazonid"), + productId = tarteaucitron.getElemAttr(x, "productid"), url = '//ws-eu.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=' + tarteaucitron.getLanguage().toUpperCase() + '&source=ss&ref=ss_til&ad_type=product_link&tracking_id=' + amazonId + '&marketplace=amazon®ion=' + tarteaucitron.getLanguage().toUpperCase() + '&placement=' + productId + '&asins=' + productId + '&show_border=true&link_opens_in_new_window=true', iframe = ''; @@ -1780,12 +1780,12 @@ tarteaucitron.services.calameo = { "js": function () { "use strict"; tarteaucitron.fallback(['calameo-canvas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Calameo iframe'), - id = x.getAttribute("data-id"), - width = x.getAttribute("width"), - height = x.getAttribute("height"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Calameo iframe', + id = tarteaucitron.getElemAttr(x, "data-id"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), url = '//v.calameo.com/?bkcode=' + id, - allowfullscreen = x.getAttribute("allowfullscreen"); + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return ''; }); @@ -1842,7 +1842,7 @@ tarteaucitron.services.clicmanager = { tarteaucitron.fallback(['clicmanager-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -1949,7 +1949,7 @@ tarteaucitron.services.criteo = { tarteaucitron.fallback(['criteo-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -2012,12 +2012,12 @@ tarteaucitron.services.artetv = { "js": function () { "use strict"; tarteaucitron.fallback(['artetv_player'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Arte.tv iframe'), - video_json = x.getAttribute("json"), - video_width = x.getAttribute("width"), - video_height = x.getAttribute("height"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Arte.tv iframe', + video_json = tarteaucitron.getElemAttr(x, "json"), + video_width = tarteaucitron.getElemAttr(x, "width"), + video_height = tarteaucitron.getElemAttr(x, "height"), video_frame, - video_allowfullscreen = x.getAttribute("allowfullscreen"); + video_allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); if (video_json === undefined) { return ""; @@ -2049,7 +2049,7 @@ tarteaucitron.services.dailymotion = { "js": function () { "use strict"; tarteaucitron.fallback(['dailymotion_player'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(tarteaucitron.getElemAttr(x, "title") || 'Dailymotion iframe'), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Dailymotion iframe', video_id = tarteaucitron.getElemAttr(x, "videoID"), video_width = tarteaucitron.getElemAttr(x, "width"), frame_width = 'width=', @@ -2105,17 +2105,17 @@ tarteaucitron.services.datingaffiliation = { "js": function () { "use strict"; tarteaucitron.fallback(['datingaffiliation-canvas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Dating Affiliation iframe'), - comfrom = x.getAttribute("data-comfrom"), - r = x.getAttribute("data-r"), - p = x.getAttribute("data-p"), - cf0 = x.getAttribute("data-cf0"), - langue = x.getAttribute("data-langue"), - forward_affiliate = x.getAttribute("data-forwardAffiliate"), - cf2 = x.getAttribute("data-cf2"), - cfsa2 = x.getAttribute("data-cfsa2"), - width = x.getAttribute("width"), - height = x.getAttribute("height"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Dating Affiliation iframe', + comfrom = tarteaucitron.getElemAttr(x, "data-comfrom"), + r = tarteaucitron.getElemAttr(x, "data-r"), + p = tarteaucitron.getElemAttr(x, "data-p"), + cf0 = tarteaucitron.getElemAttr(x, "data-cf0"), + langue = tarteaucitron.getElemAttr(x, "data-langue"), + forward_affiliate = tarteaucitron.getElemAttr(x, "data-forwardAffiliate"), + cf2 = tarteaucitron.getElemAttr(x, "data-cf2"), + cfsa2 = tarteaucitron.getElemAttr(x, "data-cfsa2"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), url = 'http://www.tools-affil2.com/rotaban/ban.php?' + comfrom; return ''; @@ -2149,7 +2149,7 @@ tarteaucitron.services.datingaffiliationpopup = { tarteaucitron.fallback(['datingaffiliationpopup-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -2196,18 +2196,18 @@ tarteaucitron.services.deezer = { "js": function () { "use strict"; tarteaucitron.fallback(['deezer_player'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Deezer iframe'), - deezer_id = x.getAttribute("deezerID"), - deezer_width = x.getAttribute("width"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Deezer iframe', + deezer_id = tarteaucitron.getElemAttr(x, "deezerID"), + deezer_width = tarteaucitron.getElemAttr(x, "width"), frame_width = 'width=', - deezer_height = x.getAttribute("height"), + deezer_height = tarteaucitron.getElemAttr(x, "height"), frame_height = 'height=', deezer_frame, - embed_theme = x.getAttribute("theme"), - embed_type = x.getAttribute("embedType"), - radius = x.getAttribute("radius"), - tracklist = x.getAttribute("tracklist"), - allowfullscreen = x.getAttribute("allowfullscreen"), + embed_theme = tarteaucitron.getElemAttr(x, "theme"), + embed_type = tarteaucitron.getElemAttr(x, "embedType"), + radius = tarteaucitron.getElemAttr(x, "radius"), + tracklist = tarteaucitron.getElemAttr(x, "tracklist"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"), params; if (deezer_id === undefined) { @@ -2986,11 +2986,11 @@ tarteaucitron.services.genially = { "use strict"; tarteaucitron.fallback(['tac_genially'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'genially iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - geniallyid = x.getAttribute("geniallyid"), - allowfullscreen = x.getAttribute("allowfullscreen"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'genially iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + geniallyid = tarteaucitron.getElemAttr(x, "geniallyid"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return '
'; }); @@ -3037,7 +3037,7 @@ tarteaucitron.services.googlemaps = { tarteaucitron.fallback(['googlemaps-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); var i; @@ -3069,12 +3069,12 @@ tarteaucitron.services.googlemapssearch = { "js": function () { "use strict"; tarteaucitron.fallback(['googlemapssearch'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Google search iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - // url = x.getAttribute("data-url"); - query = escape(x.getAttribute("data-search")), - key = x.getAttribute("data-api-key"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Google search iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + // url = tarteaucitron.getElemAttr(x, "data-url"); + query = escape(tarteaucitron.getElemAttr(x, "data-search")), + key = tarteaucitron.getElemAttr(x, "data-api-key"); return ' ' }); @@ -3101,10 +3101,10 @@ tarteaucitron.services.googlemapsembed = { "js": function () { "use strict"; tarteaucitron.fallback(['googlemapsembed'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Google maps iframe'), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Google maps iframe', width = tarteaucitron.getElemWidth(x), height = tarteaucitron.getElemHeight(x), - url = x.getAttribute("data-url"); + url = tarteaucitron.getElemAttr(x, "data-url"); return ''; }); @@ -3134,7 +3134,7 @@ tarteaucitron.services.openstreetmap = { tarteaucitron.fallback(['openstreetmap'], function (x) { var width = tarteaucitron.getElemWidth(x), height = tarteaucitron.getElemHeight(x), - url = x.getAttribute("data-url"); + url = tarteaucitron.getElemAttr(x, "data-url"); return ''; }); @@ -3163,7 +3163,7 @@ tarteaucitron.services.geoportail = { tarteaucitron.fallback(['geoportail'], function (x) { var width = tarteaucitron.getElemWidth(x), height = tarteaucitron.getElemHeight(x), - url = x.getAttribute("data-url"); + url = tarteaucitron.getElemAttr(x, "data-url"); return ''; }); @@ -3285,11 +3285,11 @@ tarteaucitron.services.instagram = { "js": function () { "use strict"; tarteaucitron.fallback(['instagram_post'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Instagram iframe'), - post_id = x.getAttribute('postId'), - post_permalink = x.getAttribute('data-instgrm-permalink'), - embed_width = x.getAttribute('width'), - embed_height = x.getAttribute('height'), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Instagram iframe', + post_id = tarteaucitron.getElemAttr(x, 'postId'), + post_permalink = tarteaucitron.getElemAttr(x, 'data-instgrm-permalink'), + embed_width = tarteaucitron.getElemAttr(x, 'width'), + embed_height = tarteaucitron.getElemAttr(x, 'height'), frame_width, frame_height, post_frame; @@ -3528,7 +3528,7 @@ tarteaucitron.services.prelinker = { tarteaucitron.fallback(['prelinker-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -3559,10 +3559,10 @@ tarteaucitron.services.prezi = { "js": function () { "use strict"; tarteaucitron.fallback(['prezi-canvas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Prezi iframe'), - id = x.getAttribute("data-id"), - width = x.getAttribute("width"), - height = x.getAttribute("height"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Prezi iframe', + id = tarteaucitron.getElemAttr(x, "data-id"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), url = 'https://prezi.com/embed/' + id + '/?bgcolor=ffffff&lock_to_path=0&autoplay=0&autohide_ctrls=0'; return ''; @@ -3596,7 +3596,7 @@ tarteaucitron.services.pubdirecte = { tarteaucitron.fallback(['pubdirecte-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -3715,7 +3715,7 @@ tarteaucitron.services.rumbletalk = { tarteaucitron.fallback(['rumbletalk'], function (x) { var width = tarteaucitron.getElemWidth(x), height = tarteaucitron.getElemHeight(x), - id = x.getAttribute("data-id"); + id = tarteaucitron.getElemAttr(x, "data-id"); return '
'; }); @@ -3777,7 +3777,7 @@ tarteaucitron.services.shareasale = { tarteaucitron.fallback(['shareasale-canvas'], function (x) { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); - return '
'; + return '
'; }); for (i = 0; i < uniqIds.length; i += 1) { @@ -3845,10 +3845,10 @@ tarteaucitron.services.slideshare = { "js": function () { "use strict"; tarteaucitron.fallback(['slideshare-canvas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Slideshare iframe'), - id = x.getAttribute("data-id"), - width = x.getAttribute("width"), - height = x.getAttribute("height"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Slideshare iframe', + id = tarteaucitron.getElemAttr(x, "data-id"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), url = '//www.slideshare.net/slideshow/embed_code/' + id; return ''; @@ -3876,21 +3876,21 @@ tarteaucitron.services.soundcloud = { js: function () { "use strict"; tarteaucitron.fallback(['soundcloud_player'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Soundcloud iframe'), - player_height = x.getAttribute('data-height'), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Soundcloud iframe', + player_height = tarteaucitron.getElemAttr(x, 'data-height'), frame_height = 'height="' + player_height + '" ', - playable_id = x.getAttribute('data-playable-id'), - playable_type = x.getAttribute('data-playable-type'), - playable_url = x.getAttribute('data-playable-url'), - color = x.getAttribute('data-color'), - autoplay = x.getAttribute('data-auto-play'), - hideRelated = x.getAttribute('data-hide-related'), - showComments = x.getAttribute('data-show-comments'), - showUser = x.getAttribute('data-show-user'), - showReposts = x.getAttribute('data-show-reposts'), - showTeaser = x.getAttribute('data-show-teaser'), - visual = x.getAttribute('data-visual'), - artwork = x.getAttribute('data-artwork'); + playable_id = tarteaucitron.getElemAttr(x, 'data-playable-id'), + playable_type = tarteaucitron.getElemAttr(x, 'data-playable-type'), + playable_url = tarteaucitron.getElemAttr(x, 'data-playable-url'), + color = tarteaucitron.getElemAttr(x, 'data-color'), + autoplay = tarteaucitron.getElemAttr(x, 'data-auto-play'), + hideRelated = tarteaucitron.getElemAttr(x, 'data-hide-related'), + showComments = tarteaucitron.getElemAttr(x, 'data-show-comments'), + showUser = tarteaucitron.getElemAttr(x, 'data-show-user'), + showReposts = tarteaucitron.getElemAttr(x, 'data-show-reposts'), + showTeaser = tarteaucitron.getElemAttr(x, 'data-show-teaser'), + visual = tarteaucitron.getElemAttr(x, 'data-visual'), + artwork = tarteaucitron.getElemAttr(x, 'data-artwork'); var allowAutoplay = autoplay === 'true' ? 'allow="autoplay"' : ''; @@ -3937,11 +3937,11 @@ tarteaucitron.services.spotify = { "js": function () { "use strict"; tarteaucitron.fallback(['spotify_player'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Spotify iframe'), - spotify_id = x.getAttribute("spotifyID"), - spotify_width = x.getAttribute("width"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Spotify iframe', + spotify_id = tarteaucitron.getElemAttr(x, "spotifyID"), + spotify_width = tarteaucitron.getElemAttr(x, "width"), frame_width = 'width=', - spotify_height = x.getAttribute("height"), + spotify_height = tarteaucitron.getElemAttr(x, "height"), frame_height = 'height=', spotify_frame; @@ -4015,17 +4015,17 @@ tarteaucitron.services.timelinejs = { "js": function () { "use strict"; tarteaucitron.fallback(['timelinejs-canvas'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Twitter iframe'), - spreadsheet_id = x.getAttribute("spreadsheet_id"), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - lang = x.getAttribute("lang_2_letter"), - font = x.getAttribute("font"), - map = x.getAttribute("map"), - start_at_end = x.getAttribute("start_at_end"), - hash_bookmark = x.getAttribute("hash_bookmark"), - start_at_slide = x.getAttribute("start_at_slide"), - start_zoom = x.getAttribute("start_zoom"), + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Twitter iframe', + spreadsheet_id = tarteaucitron.getElemAttr(x, "spreadsheet_id"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + lang = tarteaucitron.getElemAttr(x, "lang_2_letter"), + font = tarteaucitron.getElemAttr(x, "font"), + map = tarteaucitron.getElemAttr(x, "map"), + start_at_end = tarteaucitron.getElemAttr(x, "start_at_end"), + hash_bookmark = tarteaucitron.getElemAttr(x, "hash_bookmark"), + start_at_slide = tarteaucitron.getElemAttr(x, "start_at_slide"), + start_zoom = tarteaucitron.getElemAttr(x, "start_zoom"), url = '//cdn.knightlab.com/libs/timeline/latest/embed/index.html?source=' + spreadsheet_id + '&font=' + font + '&maptype=' + map + '&lang=' + lang + '&start_at_end=' + start_at_end + '&hash_bookmark=' + hash_bookmark + '&start_at_slide=' + start_at_slide + '&start_zoom_adjust=' + start_zoom + '&height=' + height; return ''; @@ -4138,12 +4138,12 @@ tarteaucitron.services.twitterembed = { var uniqId = '_' + Math.random().toString(36).substr(2, 9); uniqIds.push(uniqId); html = '
0) return a + "=" + x.getAttribute(a); + if (a && a.length > 0) return a + "=" + tarteaucitron.getElemAttr(x, a); }).join("/"); if (album_id === null) { @@ -5580,9 +5580,9 @@ tarteaucitron.services.discord = { "js": function () { "use strict"; tarteaucitron.fallback(['discord_widget'], function (x) { - var id = x.getAttribute("guildID"), - width = x.getAttribute("width"), - height = x.getAttribute("height") + var id = tarteaucitron.getElemAttr(x, "guildID"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height") var widgetURL = "https://discord.com/widget?id=" + id; return ""; }); @@ -5609,9 +5609,9 @@ tarteaucitron.services.maps_noapi = { "js": function () { "use strict"; tarteaucitron.fallback(['googlemaps_embed'], function (x) { - var id = x.getAttribute("id"), - width = x.getAttribute("width"), - height = x.getAttribute("height") + var id = tarteaucitron.getElemAttr(x, "id"), + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height") var widgetURL = "https://www.google.com/maps/embed?pb=" + id; return ""; }); @@ -5658,9 +5658,9 @@ tarteaucitron.services.fculture = { "js": function () { "use strict"; tarteaucitron.fallback(['fculture_embed'], function (x) { - var id = x.getAttribute('id'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var id = tarteaucitron.getElemAttr(x, 'id'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); return "" }); }, @@ -5682,11 +5682,11 @@ tarteaucitron.services.acast = { "js": function () { "use strict"; tarteaucitron.fallback(['acast_embed'], function (x) { - var id = x.getAttribute('id1'), - id2 = x.getAttribute('id2'), - width = x.getAttribute('width'), - height = x.getAttribute('height'), - seek = x.getAttribute('seek'); + var id = tarteaucitron.getElemAttr(x, 'id1'), + id2 = tarteaucitron.getElemAttr(x, 'id2'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'), + seek = tarteaucitron.getElemAttr(x, 'seek'); var widgetURL = "https://embed.acast.com/" + id + "/" + id2 + "?seek=" + seek; return ""; }); @@ -5709,12 +5709,12 @@ tarteaucitron.services.mixcloud = { "js": function () { "use strict"; tarteaucitron.fallback(['mixcloud_embed'], function (x) { - var id = x.getAttribute('id'), - hidecover = x.getAttribute('hidecover'), - mini = x.getAttribute('mini'), - light = x.getAttribute('light'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var id = tarteaucitron.getElemAttr(x, 'id'), + hidecover = tarteaucitron.getElemAttr(x, 'hidecover'), + mini = tarteaucitron.getElemAttr(x, 'mini'), + light = tarteaucitron.getElemAttr(x, 'light'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); return ""; }); }, @@ -5736,9 +5736,9 @@ tarteaucitron.services.gagenda = { "js": function () { "use strict"; tarteaucitron.fallback(['gagenda_embed'], function (x) { - var calendar_data = x.getAttribute('data'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var calendar_data = tarteaucitron.getElemAttr(x, 'data'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); return ""; }); }, @@ -5760,9 +5760,9 @@ tarteaucitron.services.gdocs = { "js": function () { "use strict"; tarteaucitron.fallback(['gdocs_embed'], function (x) { - var id = x.getAttribute('id'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var id = tarteaucitron.getElemAttr(x, 'id'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); return ""; }); }, @@ -5784,10 +5784,10 @@ tarteaucitron.services.gsheets = { "js": function () { "use strict"; tarteaucitron.fallback(['gsheets_embed'], function (x) { - var id = x.getAttribute('id'), - width = x.getAttribute('width'), - height = x.getAttribute('height'), - headers = x.getAttribute('headers'); + var id = tarteaucitron.getElemAttr(x, 'id'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'), + headers = tarteaucitron.getElemAttr(x, 'headers'); return ""; }); }, @@ -5809,12 +5809,12 @@ tarteaucitron.services.gslides = { "js": function () { "use strict"; tarteaucitron.fallback(['gslides_embed'], function (x) { - var id = x.getAttribute('id'), - width = x.getAttribute('width'), - height = x.getAttribute('height'), - autostart = x.getAttribute('autostart'), - loop = x.getAttribute('loop'), - delay = x.getAttribute('delay'); + var id = tarteaucitron.getElemAttr(x, 'id'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'), + autostart = tarteaucitron.getElemAttr(x, 'autostart'), + loop = tarteaucitron.getElemAttr(x, 'loop'), + delay = tarteaucitron.getElemAttr(x, 'delay'); return ""; }); }, @@ -5836,9 +5836,9 @@ tarteaucitron.services.gforms = { "js": function () { "use strict"; tarteaucitron.fallback(['gforms_embed'], function (x) { - var id = x.getAttribute('id'), - width = x.getAttribute('width'), - height = x.getAttribute('height'); + var id = tarteaucitron.getElemAttr(x, 'id'), + width = tarteaucitron.getElemAttr(x, 'width'), + height = tarteaucitron.getElemAttr(x, 'height'); return ""; }); }, @@ -5949,7 +5949,7 @@ tarteaucitron.services.canalu = { "js": function () { "use strict"; tarteaucitron.fallback(['canalu_player'], function (x) { - var video_title = tarteaucitron.fixSelfXSS(x.getAttribute("videoTitle")), + var video_title = tarteaucitron.getElemAttr(x, "videoTitle"), frame_url = 'https://www.canal-u.tv/embed/' + video_title; return '
' + @@ -5981,9 +5981,9 @@ tarteaucitron.services.webtvnu = { "js": function () { "use strict"; tarteaucitron.fallback(['webtvnu_player'], function (x) { - var frame_url = 'https://webtv.normandie-univ.fr/permalink/' + x.getAttribute("videoID") + '/iframe/', - width = x.getAttribute("width"), - height = x.getAttribute("height"); + var frame_url = 'https://webtv.normandie-univ.fr/permalink/' + tarteaucitron.getElemAttr(x, "videoID") + '/iframe/', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"); return ''; }); @@ -6026,11 +6026,11 @@ tarteaucitron.services.meteofrance = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_meteofrance'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Météo France iframe'), - width = x.getAttribute("width"), - height = x.getAttribute("height"), - insee = x.getAttribute("data-insee"), - allowfullscreen = x.getAttribute("allowfullscreen"); + var frame_title = tarteaucitron.getElemAttr(x, "title") || 'Météo France iframe', + width = tarteaucitron.getElemAttr(x, "width"), + height = tarteaucitron.getElemAttr(x, "height"), + insee = tarteaucitron.getElemAttr(x, "data-insee"), + allowfullscreen = tarteaucitron.getElemAttr(x, "allowfullscreen"); return ''; }); @@ -6057,7 +6057,7 @@ tarteaucitron.services.m6meteo = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_m6meteo'], function (x) { - var id = x.getAttribute("data-id"); + var id = tarteaucitron.getElemAttr(x, "data-id"); tarteaucitron.addScript('https://www.meteocity.com/widget/js/'+id);