Allow video and audio elements in work content

Description

General

Users should be able to embed video and audio in their work content using the video and audio elements. They should not be able to use these elements in other fields.

We should allow simple video and audio elements (e.g. <video src="video url"></video>) and more complex ones with multiple source and track elements and fallback content, e.g.

<video poster="image URL">
  <source src="mp4 url" type="video/mp4">
  <source src="ogv url" type="video/ogg">
  <track kind="subtitles" src="en subtitles URL" srclang="en">
  <track kind="subtitles" src="ja subtitles URL" srclang="ja">
  <p>Fallback text.</p>
</video>

Video

Attributes and values that should be automatically added on the video element:

  • controls

  • crossorigin="anonymous"

  • playsinline

  • preload="metadata"

Attributes that should be allowed on the video element:

  • class

  • dir

  • height

  • loop

  • muted

  • poster, but it's important to restrict the value to URLs and not JavaScript fragments due to an Opera 10.5 exploit

  • src

  • title

  • width

Audio

Attributes and values that should be automatically added on the audio element:

  • controls

  • crossorigin="anonymous"

  • preload="metadata"

Attributes that should be allowed on the audio element:

  • class

  • dir

  • loop

  • muted

  • src

  • title

Source

Attributes that should be allowed for the source element:

  • src

  • type

Track

Attributes that should be allowed for the track element:

  • default

  • kind

  • label

  • src

  • srclang

Blacklist

The src URLs of video, audio, source, and track elements should be checked against a single domain blacklist in the config file. This will allow us to block embeds from certain domains in case of abuse.

Initially, the blacklist should be empty.
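The rules above, written as an added sketch of a per-element check (not the project's own code). It works on an element name and attribute hash as a sanitizer would receive them from its HTML parser. The function names, the http/https-only URL rule, subdomain matching against the blacklist, and dropping the whole element when its src is blacklisted are assumptions.

```ruby
require "uri"

# Attribute allowlists and forced attributes, taken from the lists above.
ALLOWED = {
  "video"  => %w[class dir height loop muted poster src title width],
  "audio"  => %w[class dir loop muted src title],
  "source" => %w[src type],
  "track"  => %w[default kind label src srclang]
}.freeze
FORCED = {
  "video" => { "controls" => "controls", "crossorigin" => "anonymous",
               "playsinline" => "playsinline", "preload" => "metadata" },
  "audio" => { "controls" => "controls", "crossorigin" => "anonymous",
               "preload" => "metadata" }
}.freeze
URL_ATTRS = %w[src poster].freeze

# Returns the parsed URI only for absolute http(s) URLs; nil otherwise
# (javascript:, data:, scheme-relative, malformed). Assumed rule.
def http_url(value)
  uri = URI.parse(value.to_s.strip)
  uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty? ? uri : nil
rescue URI::InvalidURIError
  nil
end

# True when host equals a listed domain or is a subdomain of one (assumed).
def blocked_host?(host, blocklist)
  host = host.downcase.chomp(".")
  blocklist.any? { |d| host == d.downcase || host.end_with?(".#{d.downcase}") }
end

# Returns the cleaned attribute hash, or nil when the element must be dropped
# (not a media element, or its src host is on the blacklist).
def clean_media(name, attrs, blocklist = [])
  allowed = ALLOWED[name] or return nil
  out = {}
  attrs.each do |key, value|
    next unless allowed.include?(key)
    if URL_ATTRS.include?(key)
      uri = http_url(value) or next   # drop non-URL values such as javascript:
      return nil if key == "src" && blocked_host?(uri.host, blocklist)
    end
    out[key] = value
  end
  out.merge(FORCED.fetch(name, {}))   # forced values override user input
end
```

Merging the forced attributes last means a user-supplied crossorigin or preload value can never survive, even if one of those names is later added to an allowlist by mistake.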

Environment

None

Status

Assignee: Unassigned

Reporter: Sarken

Roadmap: Works

Priority: Medium

Affects versions: 0.9.247

Fix versions: None

Components: BackEnd

Difficulty: Medium

Required Access Level: None

Milestone: Internal 0.9