jekyll-embed-urls 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +3 -0
- data/lib/jekyll-embed-urls.rb +56 -28
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '00388f250c4eb3227080c3dfb580b6a436c0fb1e58c877b650f4bd4f279b27e9'
|
|
4
|
+
data.tar.gz: 1ae33d07ca3576dc0421f657f503884be86e809c6489e8a005fd9f9e3eff6f93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f034c24e5376036b2e1c38e174d2a46a1c909b3e834d5841cbacbed33bae5fd5898e8d0501dc5d14a4d25cad728937d72d111fad20d2eee1486e0d777516ee32
|
|
7
|
+
data.tar.gz: 79583d31b31cc5d2d7de674091045b8c466d0e95cd2356a94393a3c24c1f23cc1e27172565cc535b8c35dc4aa66936699cf201e768be7572b2eef97e5c9d8f9a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## v0.3.0
|
|
4
|
+
|
|
5
|
+
* Reuse the iframe and sandbox it if the embed code contains one
|
|
6
|
+
|
|
7
|
+
* Use a Referrer-Policy
|
|
8
|
+
|
|
9
|
+
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
|
10
|
+
|
|
11
|
+
https://web.dev/referrer-best-practices/
|
|
12
|
+
|
|
3
13
|
## v0.2.0
|
|
4
14
|
|
|
5
15
|
* Use a sandboxed iframe
|
data/README.md
CHANGED
|
@@ -58,6 +58,9 @@ intended to be a safe, welcoming space for collaboration, and
|
|
|
58
58
|
contributors are expected to adhere to the [Sutty code of
|
|
59
59
|
conduct](https://sutty.nl/en/code-of-conduct/).
|
|
60
60
|
|
|
61
|
+
If you like our plugins, [please consider
|
|
62
|
+
donating](https://donaciones.sutty.nl/en/)!
|
|
63
|
+
|
|
61
64
|
## License
|
|
62
65
|
|
|
63
66
|
The gem is available as free software under the terms of the GPL3
|
data/lib/jekyll-embed-urls.rb
CHANGED
|
@@ -1,60 +1,88 @@
|
|
|
1
1
|
require 'oembed'
|
|
2
2
|
require 'cgi'
|
|
3
|
+
require 'oga'
|
|
3
4
|
|
|
5
|
+
# TODO: We tested several of the mainstream embedable contents (YT, IG,
|
|
6
|
+
# Twitter) and specially IG and Twitter just want to take over the page
|
|
7
|
+
# to set their own size, also send metrics. So they won't work on a
|
|
8
|
+
# sandboxed iframe, which we were expecting, but they also won't be
|
|
9
|
+
# comfortable for visitors to use. We're planning on using OGP and
|
|
10
|
+
# render our own partials (configurable) for this. This way everything
|
|
11
|
+
# is safer and the embedded content even adapts to the site's design.
|
|
12
|
+
#
|
|
13
|
+
# So, expect a major refactoring!
|
|
14
|
+
|
|
15
|
+
OEmbed::Providers.register_all
|
|
16
|
+
OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery,
|
|
17
|
+
OEmbed::Providers::Noembed)
|
|
4
18
|
|
|
5
19
|
# Process the content of documents before rendering them to find URLs in
|
|
6
20
|
# a block.
|
|
7
21
|
Jekyll::Hooks.register :site, :pre_render do |site|
|
|
8
22
|
# Cache results
|
|
9
23
|
cache ||= Jekyll::Cache.new('Jekyll::OEmbed::Urls')
|
|
24
|
+
# TODO: Make configurable
|
|
25
|
+
referrer_policy = 'strict-origin-when-cross-origin'
|
|
10
26
|
|
|
11
27
|
# Only modify documents to be written
|
|
12
28
|
site.docs_to_write.each do |doc|
|
|
13
29
|
# Skip text paragraphs
|
|
14
|
-
|
|
30
|
+
# XXX: Find link in first line
|
|
31
|
+
next unless %r{\n\n\s*<?https?://} =~ doc.content
|
|
15
32
|
|
|
16
33
|
# Split texts by markdown blocks
|
|
17
34
|
doc.content = doc.content.split("\n\n").map do |p|
|
|
18
35
|
# Only process lines with URLs
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
36
|
+
next p unless %r{\A\s*<?https?://} =~ p
|
|
37
|
+
# Remove empty characters and markdown autolinks
|
|
38
|
+
p = p.strip.tr('<', '').tr('>', '')
|
|
39
|
+
|
|
40
|
+
# @see {https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox}
|
|
41
|
+
same_origin = p.start_with? site.config['url']
|
|
42
|
+
|
|
43
|
+
Jekyll.logger.debug "Finding OEmbed content for #{p}"
|
|
44
|
+
# Cache the results
|
|
45
|
+
cache.getset(p) do
|
|
46
|
+
Jekyll.logger.debug "=> Not cached, obtaining..."
|
|
47
|
+
|
|
48
|
+
result = OEmbed::Providers.get(p)
|
|
49
|
+
sandbox = "allow-scripts #{same_origin ? '' : 'allow-same-origin'}"
|
|
22
50
|
|
|
23
|
-
#
|
|
24
|
-
|
|
51
|
+
# If the embed HTML contains an iframe, make sure it has the
|
|
52
|
+
# correct attributes.
|
|
53
|
+
if %r{<iframe } =~ result.html
|
|
54
|
+
html = Oga.parse_html result.html
|
|
25
55
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
56
|
+
html.css('iframe').each do |iframe|
|
|
57
|
+
iframe.attributes.delete_if do |attr|
|
|
58
|
+
%w[width height].include? attr.name
|
|
59
|
+
end
|
|
30
60
|
|
|
31
|
-
|
|
61
|
+
iframe.attributes << Oga::XML::Attribute.new(name: 'sandbox', value: sandbox)
|
|
62
|
+
iframe.attributes << Oga::XML::Attribute.new(name: 'referrerpolicy', value: referrer_policy)
|
|
63
|
+
end
|
|
32
64
|
|
|
65
|
+
html.to_xml
|
|
66
|
+
else
|
|
33
67
|
# Return a sandboxed iframe with the size of the HTML. We
|
|
34
68
|
# only allow scripts to run inside the iframe and nothing
|
|
35
69
|
# else.
|
|
36
70
|
<<~IFRAME
|
|
37
71
|
<iframe
|
|
38
|
-
referrerpolicy="
|
|
39
|
-
sandbox="
|
|
72
|
+
referrerpolicy="#{referrer_policy}"
|
|
73
|
+
sandbox="#{sandbox}"
|
|
40
74
|
style="min-width:#{result.width}px;min-height:#{result.height || 0}px"
|
|
41
|
-
srcdoc="#{CGI.escape_html result.html}"
|
|
42
|
-
></iframe>
|
|
75
|
+
srcdoc="#{CGI.escape_html result.html}"></iframe>
|
|
43
76
|
IFRAME
|
|
44
|
-
|
|
45
|
-
result.html
|
|
46
|
-
rescue OEmbed::NotFound => e
|
|
47
|
-
# If the URL doesn't support OEmbed just return an external
|
|
48
|
-
# link.
|
|
49
|
-
#
|
|
50
|
-
# TODO: Fetch information with OGP and render a template.
|
|
51
|
-
Jekyll.logger.warn "#{p} is not oembeddable or URL can't be fetched, showing as URL"
|
|
52
|
-
|
|
53
|
-
"<a href=\"#{p}\" target=\"_blank\">#{p}</a>"
|
|
54
77
|
end
|
|
55
|
-
|
|
56
|
-
#
|
|
57
|
-
|
|
78
|
+
rescue OEmbed::NotFound => e
|
|
79
|
+
# If the URL doesn't support OEmbed just return an external
|
|
80
|
+
# link.
|
|
81
|
+
#
|
|
82
|
+
# TODO: Fetch information with OGP and render a template.
|
|
83
|
+
Jekyll.logger.warn "#{p} is not oembeddable or URL can't be fetched, showing as URL"
|
|
84
|
+
|
|
85
|
+
%(<a href="#{p}" target="_blank" referrerpolicy="#{referrer_policy}">#{p}</a>)
|
|
58
86
|
end
|
|
59
87
|
# Rebuild the content
|
|
60
88
|
end.join("\n\n")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jekyll-embed-urls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- f
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jekyll
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0.13'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: oga
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '2.15'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '2.15'
|
|
41
55
|
description: Replaces URLs for their previsualization in Jekyll posts
|
|
42
56
|
email:
|
|
43
57
|
- f@sutty.nl
|