Detect YouTube URLs and emit privacy-enhanced iframe

Recognizes youtu.be, watch?v=, shorts, embed, and mobile variants.
Emits an iframe pointing to youtube-nocookie.com with lazy loading,
strict-origin referrer policy, and allowfullscreen.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Yutaka Kurosaki
2026-05-09 10:47:46 +09:00
parent bb9843fd47
commit 5b6e344ee9
2 changed files with 75 additions and 1 deletions
@@ -87,4 +87,43 @@ public static function audioUrls(): array
'm4a' => ['/clip.m4a'],
];
}
#[DataProvider('youtubeUrls')]
public function test_youtube_urls_produce_iframe(string $url): void
{
$html = $this->resolver->resolve($url);
$this->assertNotNull($html);
$this->assertStringStartsWith('<iframe', $html);
$this->assertStringContainsString('youtube-nocookie.com/embed/dQw4w9WgXcQ', $html);
$this->assertStringContainsString('class="kb-embed kb-embed-youtube"', $html);
$this->assertStringContainsString('loading="lazy"', $html);
$this->assertStringContainsString('allowfullscreen', $html);
}
public static function youtubeUrls(): array
{
return [
'short youtu.be' => ['https://youtu.be/dQw4w9WgXcQ'],
'watch v=' => ['https://www.youtube.com/watch?v=dQw4w9WgXcQ'],
'shorts' => ['https://www.youtube.com/shorts/dQw4w9WgXcQ'],
'embed' => ['https://www.youtube.com/embed/dQw4w9WgXcQ'],
'mobile' => ['https://m.youtube.com/watch?v=dQw4w9WgXcQ'],
'no www watch' => ['https://youtube.com/watch?v=dQw4w9WgXcQ'],
];
}
#[DataProvider('invalidYoutubeUrls')]
public function test_invalid_youtube_urls_return_null(string $url): void
{
$this->assertNull($this->resolver->resolve($url));
}
public static function invalidYoutubeUrls(): array
{
return [
'too short id' => ['https://youtu.be/short'],
'host mismatch' => ['https://example.com/watch?v=dQw4w9WgXcQ'],
'XSS attempt in id' => ['https://youtu.be/abc"><script>'],
];
}
}
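Review bot: The 'XSS attempt in id' case in invalidYoutubeUrls() probably does not exercise character validation, because the `abc` portion before the quote is already shorter than the id used in the valid cases and would be rejected on length alone, just like 'too short id'. A constructed case with a full-length id holding a forbidden character, such as `'bad char in full-length id' => ['https://youtu.be/dQw4w9WgXc"'],`, would pin that the id is allow-listed by character set and not only length-checked. 'host mismatch' likewise covers only an unrelated host; a constructed lookalike such as `'lookalike host' => ['https://youtube.com.example.com/watch?v=dQw4w9WgXcQ'],` would pin that the host is compared exactly rather than by prefix or substring. The commit message also promises a strict-origin referrer policy, but test_youtube_urls_produce_iframe() never asserts a `referrerpolicy` attribute, so a regression there would go unnoticed. The resolver itself is in the other changed file, outside this view, so these are gaps in the tests rather than confirmed defects.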