html-pipeline 1.1.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 255c35bcd09c89964eafb3a2f6a6593acc003a9b
-  data.tar.gz: b18754600751cf85ed04a96e44fa16a60070604e
+  metadata.gz: 6a991b217bf4c9c658d1843fe35e6a9ba989b180
+  data.tar.gz: 24763a9cac62ba2047a64e2c42bfee4107e00ae3
 SHA512:
-  metadata.gz: 00048b649ab9e2514e26215265e9b137d2654096fa68c8a183623cb1270a26288c0d65377a432c9893528d7ff367e35dc2feaeed987bb0c562c28d7d7a8257b2
-  data.tar.gz: a8275a10d2ef7dc1dccbcfa454840914519a7e08baef0739de29bd3b9de1e717798dc22330e02cde9b8c46a3d27341d54447e1b4b556c73e3b7b2f906315cbed
+  metadata.gz: 8433da8334030909b29622d615aa693117c89fdcb06ce581d2dfae7e1a14dee705e3c60fbfbebb8d1c1227ee80d279aded108a1d7491305279d0994195b03c2c
+  data.tar.gz: 34cd18428fdf6b408347ffc6d5e5eb95e6f6ee0dfff098b2a5114ecbb73bc4f78931baabaee145abf070cd2b2df6e1edfb6d28a9b6ad49d53c5ccb156db006d2

data/.travis.yml

@@ -7,7 +7,6 @@ before_install:
 script: "bundle exec rake"
 
 rvm:
-  - 1.8.7
   - 1.9.2
   - 1.9.3
   - 2.0.0

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## 1.3.0
+
+1.2.0 didn't actually include the following changes. Yanked that release.
+
+  * CamoFilter now camos https images. #96 josh
+
 ## 1.1.0
 
   * escape emoji filenames in urls #92 jayroh

data/lib/html/pipeline/camo_filter.rb

@@ -1,4 +1,5 @@
 require 'openssl'
+require 'uri'
 
 module HTML
   class Pipeline
@@ -13,27 +14,34 @@ module HTML
     # Context options:
     #   :asset_proxy (required) - Base URL for constructed asset proxy URLs.
     #   :asset_proxy_secret_key (required) - The shared secret used to encode URLs.
+    #   :asset_proxy_whitelist - Array of host Strings or Regexps to skip
+    #                            src rewriting.
     #
     # This filter does not write additional information to the context.
     class CamoFilter < Filter
       # Hijacks images in the markup provided, replacing them with URLs that
       # go through the github asset proxy.
       def call
+        return unless asset_proxy_enabled?
+
         doc.search("img").each do |element|
           next if element['src'].nil?
-          src = element['src'].strip
-          src = src.sub(%r!^http://github.com!, 'https://github.com')
-          next if context[:disable_asset_proxy]
 
-          if src =~ /^http:/ || src =~ /^https:\/\/img.skitch.com\//
-            element['src'] = asset_proxy_url(src)
-          else
-            element['src'] = src
+          begin
+            uri = URI.parse(element['src'])
+          rescue Exception
+            next
           end
+
+          next if uri.host.nil?
+          next if asset_host_whitelisted?(uri.host)
+
+          element['src'] = asset_proxy_url(uri.to_s)
+          element['data-canonical-src'] = uri.to_s
         end
         doc
       end
-      
+
       # Implementation of validate hook.
       # Errors should raise exceptions or use an existing validator.
       def validate
@@ -51,7 +59,12 @@ module HTML
         OpenSSL::HMAC.hexdigest(digest, asset_proxy_secret_key, url)
       end
 
-      # Private: the hostname to use for generated asset proxied URLs.
+      # Private: Return true if asset proxy filter should be enabled
+      def asset_proxy_enabled?
+        !context[:disable_asset_proxy]
+      end
+
+      # Private: the host to use for generated asset proxied URLs.
       def asset_proxy_host
         context[:asset_proxy]
       end
@@ -60,6 +73,16 @@ module HTML
         context[:asset_proxy_secret_key]
       end
 
+      def asset_proxy_whitelist
+        context[:asset_proxy_whitelist] || []
+      end
+
+      def asset_host_whitelisted?(host)
+        asset_proxy_whitelist.any? do |test|
+          test.is_a?(String) ? host == test : test.match(host)
+        end
+      end
+
       # Private: helper to hexencode a string. Each byte ends up encoded into
       # two characters, zero padded value in the range [0-9a-f].
       def hexencode(str)
@@ -67,4 +90,4 @@ module HTML
       end
     end
   end
-end
+end

data/lib/html/pipeline/version.rb

@@ -1,5 +1,5 @@
 module HTML
   class Pipeline
-    VERSION = "1.1.0"
+    VERSION = "1.3.0"
   end
 end

data/test/html/pipeline/camo_filter_test.rb

@@ -8,7 +8,8 @@ class HTML::Pipeline::CamoFilterTest < Test::Unit::TestCase
     @asset_proxy_secret_key = 'ssssh-secret'
     @options = {
       :asset_proxy            => @asset_proxy_url,
-      :asset_proxy_secret_key => @asset_proxy_secret_key
+      :asset_proxy_secret_key => @asset_proxy_secret_key,
+      :asset_proxy_whitelist  => [/(^|\.)github\.com$/]
     }
   end
 
@@ -16,17 +17,49 @@ class HTML::Pipeline::CamoFilterTest < Test::Unit::TestCase
     orig = %(<p><img src="http://twitter.com/img.png"></p>)
     assert_includes 'img src="' + @asset_proxy_url,
       CamoFilter.call(orig, @options).to_s
+    assert_includes 'data-canonical-src="http://twitter.com/img.png"',
+      CamoFilter.call(orig, @options).to_s
   end
 
-  def test_rewrites_dotcom_image_urls
-    orig = %(<p><img src="http://github.com/img.png"></p>)
+  def test_doesnt_rewrite_dotcom_image_urls
+    orig = %(<p><img src="https://github.com/img.png"></p>)
     assert_equal "<p><img src=\"https://github.com/img.png\"></p>",
       CamoFilter.call(orig, @options).to_s
   end
 
-  def test_not_camouflaging_https_image_urls
+  def test_doesnt_rewrite_dotcom_subdomain_image_urls
+    orig = %(<p><img src="https://raw.github.com/img.png"></p>)
+    assert_equal "<p><img src=\"https://raw.github.com/img.png\"></p>",
+      CamoFilter.call(orig, @options).to_s
+  end
+
+  def test_doesnt_rewrite_dotcom_subsubdomain_image_urls
+    orig = %(<p><img src="https://f.assets.github.com/img.png"></p>)
+    assert_equal "<p><img src=\"https://f.assets.github.com/img.png\"></p>",
+      CamoFilter.call(orig, @options).to_s
+  end
+
+  def test_camouflaging_github_prefixed_image_urls
+    orig = %(<p><img src="https://notgithub.com/img.png"></p>)
+    assert_includes 'img src="' + @asset_proxy_url,
+      CamoFilter.call(orig, @options).to_s
+  end
+
+  def test_doesnt_rewrite_absolute_image_urls
+    orig = %(<p><img src="/img.png"></p>)
+    assert_equal "<p><img src=\"/img.png\"></p>",
+      CamoFilter.call(orig, @options).to_s
+  end
+
+  def test_doesnt_rewrite_relative_image_urls
+    orig = %(<p><img src="img.png"></p>)
+    assert_equal "<p><img src=\"img.png\"></p>",
+      CamoFilter.call(orig, @options).to_s
+  end
+
+  def test_camouflaging_https_image_urls
     orig = %(<p><img src="https://foo.com/img.png"></p>)
-    assert_doesnt_include 'img src="' + @asset_proxy_url,
+    assert_includes 'img src="' + @asset_proxy_url,
       CamoFilter.call(orig, @options).to_s
   end
 
@@ -36,10 +69,10 @@ class HTML::Pipeline::CamoFilterTest < Test::Unit::TestCase
       CamoFilter.call(orig, @options).to_s
     end
   end
-    
+
   def test_required_context_validation
-    exception = assert_raise(ArgumentError) { 
-      CamoFilter.call("", {}) 
+    exception = assert_raise(ArgumentError) {
+      CamoFilter.call("", {})
     }
     assert_match /:asset_proxy[^_]/, exception.message
     assert_match /:asset_proxy_secret_key/, exception.message

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Ryan Tomayko
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-20 00:00:00.000000000 Z
+date: 2014-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: Helpers for processing content through a chain of filters