[BUG] Inadequate checking of domains when loading video media with custom loaders (streamable)

[robigan]

I was reviewing the code that handles loading of media, and noticed that in Winston, the check for if media can be loaded using Streamable simply checks the url string for the presence of streamable.com

winston/winston/components/Media/mediaExtractor.swift

Lines 180 to 182 in 8447b13

	if data.url.contains("streamable.com") {
	return .streamable(StreamableExtracted(url: data.url))
	}

Additionally, the extractor doesn't check for the presence of a valid video ID slug, or that the streamable.com link isn't another landing page/non-video page like their landing page https://streamable.com/pricing, with the extractor returning an empty string if a leading slash is present and the domain being returned if there are no path delimiters in the URL (in which case leads to Winston trying to load a streamable video with ID streamable.com).

winston/winston/components/Media/mediaExtractor.swift

Line 59 in 8447b13

self.shortCode = String(url[url.index(url.lastIndex(of: "/") ?? url.startIndex, offsetBy: 1)...])

I see that right below, the URL is eventually parsed and then hosts are checked properly there, my suggestion would be to properly check the host component of the URL and only send the path component to the extractor.

[linear]

WIN-179 [BUG] Inadequate checking of domains when loading video media with custom loaders (streamable)

[robigan]

If you go to my post that tests for this,
https://www.reddit.com/user/robigan/comments/1fj8g0z/winston_streamable_test/ or
https://www.reddit.com/user/robigan/comments/1fj8sid/winston_streamable_test_failure/
you can observe this happening