Single-project view on the archive page

[MirandaEcho]

No description provided.

[benlk]

This encompasses:

• clicking on a list item in the projects list shortcode loads the full view for that project in the designated area in the shortcode output
• filling out the template partial for the full view
• a "permalink" function whereby people can link to a specific project, which will load that project in the project shortcode when the page is rendered for the client. Probably in the form of a URL parameter that causes the placeholder to display the queried post.

[MirandaEcho]

Approved wireframes:
landingpagemobileV1 (1).pdf
localthatworksmainv2 (1).pdf

Note: field display should match spreadsheet, not verbatim from wireframes. These are only wireframes.

[joshdarby]

One thing we might want to be concerned about is the YouTube video URL's. If we accept the basic YouTube video URL, we'll need to do something like this

$video_embed_url = $custom['project-video'][0];
$video_embed_url = substr( $video_embed_url, strpos( $video_embed_url, "=") + 1);  
$video_embed_url = 'https://www.youtube.com/embed/' . $video_embed_url;
printf(
	'<iframe width="560" height="315" src="%1$s" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>',
	esc_html( $video_embed_url )
);

to grab the video id and create an embed url with it in order to display it inside of an iframe.

A way around this could be to ask users to input only the embed video URL, but I'm not sure if that's a reasonable ask to expect them to know how to grab that.

[benlk]

The scraper is returning whole iframe tags for YouTube, PBS, and Vimeo, by the way.

[joshdarby]

The scraper is returning whole iframe tags for YouTube, PBS, and Vimeo, by the way.

Hm. So then would it be reasonable to just ask the submitter to place the entire embed code in the video field?

[benlk]

It would be easy, but I don't want to recommend it, because it enables persistent XSS if the person is pasting anything other than an iframe tag. We can do things with KSES to strip out not-iframes.

But for anything other than legacy scraped content, I think we should ask for the video URL and then use WordPress' Oembed functions to fetch the HTML from a source that WordPress trusts.

[joshdarby]

It would be easy, but I don't want to recommend it, because it enables persistent XSS if the person is pasting anything other than an iframe tag. We can do things with KSES to strip out not-iframes.

But for anything other than legacy scraped content, I think we should ask for the video URL and then use WordPress' Oembed functions to fetch the HTML from a source that WordPress trusts.

@benlk So how are you picturing how we can safely display it on the frontend if some posts have the entire iframe but some have just the url? Especially since Vimeo and Youtube, etc. all have different embed URLs

[benlk]

I'd split the handling for legacy scraped HTML and new forms.

Scraped embed HTML

Scrape results are stored in post meta in legacy-specific field, and are output, unescaped, in the relevant locaiton

New featured videos

One of these two options would work:

• URL stored in post meta with custom processing to make sure it gets passed through WP oembed (maybe we just generate a shortcode and pass it through the the_content filter?)
• submitters post the URL as the first line in the rich-text description field corresponding to the post_content, and it gets handled by WordPress' native URL handling when we output that on the page

[joshdarby]

URL stored in post meta with custom processing to make sure it gets passed through WP oembed (maybe we just generate a shortcode and pass it through the the_content filter?)

Couldn't we just pass it through wp_oembed_get() when we call that meta?

[benlk]

If it works, yeah, let's do that.

Since it requires HTTP transactions, I was/am worried that that might take too long to run when the post is saving, and would have to be done asynchronously.