jekyll-embed-urls 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 38bf8e56a0b446544b161c172f12b013b89b9f30907888cc57eaef2a9c9abc1b
-  data.tar.gz: 765fa0635ce932982fc14279fc007127883aab30c456887b9a166160477855c5
+  metadata.gz: 30c09af02fb3b49b49ffae328a7c474377badc49f4a7d10e37c5077411b93e55
+  data.tar.gz: c66c5bf04fad8b11c7df5bef04e01a912a70a0b371dbb93cf14107bfb9de39c5
 SHA512:
-  metadata.gz: 6434287bd81791b0420c0d80b995d37222c80370db283f2297b7b9542792f069315621d59e8de1b79aca2597381cc875c0a0313b6e0aa8130b7defb50fe03ab7
-  data.tar.gz: 5a41d00060687e833e82672ffbd44dfc99aa67b3ff9ab42167a5db58085a96b0a1c538f1203396ba6c102e28c7b98f77e48a1e0b5832433fa1115e3b2f2a1d9d
+  metadata.gz: d4a9316874d7dfd7da173144c7eb608697b06432a5c10f2e9fa4d79ec61474a5bfc4d90ce214316a2659ee5a80147bfeee4d39851e6c88c18b0a9def4e6bd9f1
+  data.tar.gz: 20964fff6fcdaac00ceb536fbfd858e07984ed2f00e7eb59a5537a72a090700844de9133085e9509416de0386f18ac4620015f11be7979c6e347c44126153f30

data/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Changelog
 
+## v0.4.0
+
+* Almost a complete rewrite.
+* Does its best to prevent visitor tracking.
+* Embed URLs with OEmbed, OGP and fallbacks to discover title and other
+  stuff.
+* If using Jekyll >= 4.2.0, finds URLs in content and replaces for HTML
+  embed.
+* Customizable templates.
+* Uses [UrlPrivacy](https://0xacab.org/sutty/url-privacy) to prevent
+  tracking.
+
+## v0.3.3
+
+* Add `allow-popups` to sandbox so you can open links in a new window.
+
+## v0.3.2
+
+* Rescue `OEmbed::Error`
+
+## v0.3.1
+
+* Put link inside a paragraph so markdown ignores the HTML
+
+## v0.3.0
+
+* Reuse the iframe and sandbox it if the embed code contains one
+
+* Use a Referrer-Policy
+
+  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+
+  https://web.dev/referrer-best-practices/
+
 ## v0.2.0
 
 * Use a sandboxed iframe

data/README.md

@@ -1,8 +1,14 @@
 # jekyll-embed-urls
 
-This plugin finds the URL previsualization and replaces them in posts by
-using [OEmbed](https://oembed.com/) and other techniques.
+This plugin converts URLs to their previsualization by using
+[OEmbed](https://oembed.com/), [OGP](http://ogp.me/).  It fallbacks to
+showing a card with basic information.
 
+While developing this plugin, we found out that OEmbed providers tend to
+inject JavaScript and other ways of tracking users, so this plugin does
+its best to prevent it.
+
+For OGP and fallback, you can modify the templates.
 
 ## Installation
 
@@ -27,6 +33,37 @@ Add the plugin to your `_config.yml`:
 ```yaml
 plugins:
 - jekyll-embed-urls
+embed:
+# Extra elements to remove
+  scrub:
+  - form
+  - input
+  - textarea
+  - button
+  - fieldset
+  - select
+  - option
+  - optgroup
+  - canvas
+  - area
+  - map
+# Attribute values can be strings or array of strings
+  attributes:
+    referrerpolicy: strict-origin-when-cross-origin
+    sandbox:
+    - allow-scripts
+    - allow-popups
+    allow:
+    - fullscreen
+    - gyroscope
+    - picture-in-picture
+    - clipboard-write
+    loading: 'lazy'
+    controls: true
+    rel:
+    - noopener
+    - noreferrer
+    target: _blank
 ```
 
 Then, when you want to embed an URL (like a video) in a post, simply
@@ -49,6 +86,81 @@ paragraphs but it needs to be in its own block of text.
 **Another note:** [Invidious doesn't support OEmbed
 yet](https://github.com/omarroth/invidious/issues/1222) :P
 
+## Themes
+
+You can also use it as a Liquid filter, for instance:
+
+```html
+{{ page.embed_url | embed }}
+```
+
+The `embed` filter takes an URL and replaces it for the HTML.  Other
+filters are `oembed`, `ogp` and `fallback`.
+
+### Templates
+
+You can modify the templates by providing your own include files,
+`_includes/ogp.html` and `_includes/fallback.html`.  We don't add any
+CSS so you can develop your own.
+
+To access default includes, run `bundle show jekyll-embed-urls` and copy
+the files from the `_includes` directory to your site.
+
+## Facebook and Instagram
+
+Facebook deprecated their OEmbed API and now a token is required for
+embedding Facebook and Instagram URLs.  Set it as an environtment
+variable named `OEMBED_FACEBOOK_TOKEN`.
+
+If you don't have it, this plugin make a best effort attempt.  Instagram
+will be available through OGP, but their image URLs expire after
+a certain time, so your site may appear broken after a while.  We could
+download them but we decided not to because it may infringe on
+intellectual property laws and personal rights such as privacy, and
+consequently put our service at risk.
+
+It's our position that there're legitimate uses for downloading remote
+media, such as for archiving collective memory (police brutality, public
+figures speeches, etc.) that may be removed without notice.
+
+In these cases our recommendation is always not to host with corporate
+services, since they don't share our politics and actively work against
+us.
+
+We're hotlinking and copying text though, assuming that falls under fair
+use rights.
+
+## Tracking prevention
+
+Anti-tracking techniques implemented are:
+
+* `<script>` and other tags are removed.  No external JS is loaded in
+  a local context.
+
+* `<form>`s and their elements are removed.
+
+* `<canvas>`, `<area>`, `<map>` are removed.
+
+* `<iframe>`s are
+  [sandboxed](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox).
+
+* `<img>`s are lazy loaded.  This is not strickly anti-tracking but
+  images are loaded when needed.
+
+* All URLs get their tracking params removed by
+  [UrlPrivacy](https://0xacab.org/sutty/url-privacy)
+
+* [Referrer
+  Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy)
+  is implemented for supported elements.  Extrangely, `<video>` and
+  `<audio>` don't seem to support it.
+
+* External links open in a new tab and have `rel="noopener noreferrer"`
+  to prevent [reverse
+  tabnabbing](https://owasp.org/www-community/attacks/Reverse_Tabnabbing).
+
+If you find more useful techniques, please [open an issue
+report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
 
 ## Contributing
 
@@ -58,6 +170,9 @@ intended to be a safe, welcoming space for collaboration, and
 contributors are expected to adhere to the [Sutty code of
 conduct](https://sutty.nl/en/code-of-conduct/).
 
+If you like our plugins, [please consider
+donating](https://donaciones.sutty.nl/en/)!
+
 ## License
 
 The gem is available as free software under the terms of the GPL3

data/_includes/fallback.html

@@ -0,0 +1,17 @@
+<article class="fallback">
+  {%- if page.image -%}
+    <img referrerpolicy="{{ embed.referrerpolicy }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
+  {%- endif -%}
+
+  <h1>{{ page.title }}</h1>
+  <p class="lead">{{ page.description }}</p>
+  <p><small>
+    <a
+      href="{{ page.url }}"
+      referrerpolicy="{{ embed.referrerpolicy }}"
+      target="{{ embed.target }}"
+      rel="{{ embed.rel }}">
+      {{ page.url }}
+    </a>
+  </small><p>
+</article>

data/_includes/ogp.html

@@ -0,0 +1,23 @@
+<article class="ogp" lang="{{ page.locale }}">
+  {%- if page.video -%}
+    <video poster="{{ page.image }}" class="img-fluid" {{ embed.controls }} src="{{ page.video }}"/>
+  {%- elsif page.image -%}
+    <img referrerpolicy="{{ embed.referrerpolicy }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
+  {%- endif -%}
+
+  {%- if page.audio -%}
+    <audio class="img-fluid" {{ embed.controls }} src="{{ page.audio }}"/>
+  {%- endif -%}
+
+  <h1>{{ page.title }}</h1>
+  <p class="lead">{{ page.description }}</p>
+  <p><small>
+    <a
+      href="{{ page.url }}"
+      referrerpolicy="{{ embed.referrerpolicy }}"
+      target="{{ embed.target }}"
+      rel="{{ embed.rel }}">
+      {{ page.url }}
+    </a>
+  </small><p>
+</article>

data/lib/jekyll-embed-urls.rb

@@ -1,62 +1,9 @@
-require 'oembed'
-require 'cgi'
+# frozen_string_literal: true
 
+require_relative 'jekyll/embed'
+require_relative 'jekyll/embed/filter'
 
-# Process the content of documents before rendering them to find URLs in
-# a block.
-Jekyll::Hooks.register :site, :pre_render do |site|
-  # Cache results
-  cache ||= Jekyll::Cache.new('Jekyll::OEmbed::Urls')
-
-  # Only modify documents to be written
-  site.docs_to_write.each do |doc|
-    # Skip text paragraphs
-    next unless %r{\n\nhttps?://} =~ doc.content
-
-    # Split texts by markdown blocks
-    doc.content = doc.content.split("\n\n").map do |p|
-      # Only process lines with URLs
-      if %r{\Ahttps?://} =~ p
-        # Remove empty characters
-        p.strip!
-
-        # @see {https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox}
-        same_origin = p.start_with? site.config['url']
-
-        Jekyll.logger.debug "Finding OEmbed content for #{p}"
-        # Cache the results
-        cache.getset(p) do
-          Jekyll.logger.debug "=> Not cached, obtaining..."
-
-          result = OEmbed::Providers.get(p)
-
-          # Return a sandboxed iframe with the size of the HTML.  We
-          # only allow scripts to run inside the iframe and nothing
-          # else.
-          <<~IFRAME
-            <iframe
-              referrerpolicy="no-referrer"
-              sandbox="allow-scripts #{same_origin ? '' : 'allow-same-origin'}"
-              style="min-width:#{result.width}px;min-height:#{result.height || 0}px"
-              srcdoc="#{CGI.escape_html result.html}"
-              ></iframe>
-          IFRAME
-
-          result.html
-        rescue OEmbed::NotFound => e
-          # If the URL doesn't support OEmbed just return an external
-          # link.
-          #
-          # TODO: Fetch information with OGP and render a template.
-          Jekyll.logger.warn "#{p} is not oembeddable or URL can't be fetched, showing as URL"
-
-          "<a href=\"#{p}\" target=\"_blank\">#{p}</a>"
-        end
-      else
-        # Otherwise return the original block
-        p
-      end
-    # Rebuild the content
-    end.join("\n\n")
-  end
+# Configure Embed
+Jekyll::Hooks.register :site, :after_init do |site|
+  Jekyll::Embed.site = site
 end

data/lib/jekyll/embed.rb

@@ -0,0 +1,329 @@
+# frozen_string_literal: true
+
+require 'faraday'
+require 'faraday-http-cache'
+require 'faraday_middleware/response/follow_redirects'
+require 'loofah'
+require 'ogp'
+require 'url_privacy'
+
+require_relative 'embed/oembed'
+require_relative 'embed/cache'
+
+if Gem::Version.new(Jekyll::VERSION) >= Gem::Version.new('4.2.0')
+  require_relative 'embed/content'
+else
+  Jekyll.logger.warn "Upgrade to Jekyll >= 4.2.0 to embed URLs in content"
+end
+
+OEmbed::Providers.register_all
+OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery,
+                                    OEmbed::Providers::Noembed)
+
+module Jekyll
+  # The idea with this class is to find the best safe representation of
+  # a link.  For a YouTube video it could be the sandboxed iframe.  This
+  # loads the video and allows you to reproduce it while preventing YT
+  # to call home and send data about your users.  But other social networks
+  # will try to take control of their containers by modifying the page.
+  # They resist sandboxing and don't work correctly.  For them, we
+  # cleanup unwanted HTML tags such as <script>, and return the HTML,
+  # which you can style using CSS.  Twitter does this.
+  #
+  # Others are only available through OGP, so we retrieve the metadata
+  # and render a template, which you can provide in your own theme too.
+  #
+  # We also try for microformats and we would look at Schema.org too but
+  # doesn't seem to be a gem for it yet.
+  #
+  # If the URL doesn't provide anything at all we get the URL, title and
+  # date of last visit.
+  #
+  # Isn't it nice that the corporations that requires us to use OEmbed,
+  # OGP, Twitter Cards, Schema.org and other metadata, don't do use
+  # themselves?
+  #
+  # Also we're going to use heavy caching so we don't hit rate limits or
+  # lose the representation if the service is down or the URL is
+  # removed.  We may be tempted to store the resources locally (images,
+  # videos, audio) but we have to take into account that people have
+  # legitimate reasons to remove media from the Internet.
+  class Embed
+    # Attributes to apply by HTMLElement
+    IFRAME_ATTRIBUTES = %w[allow sandbox referrerpolicy loading].freeze
+    IMAGE_ATTRIBUTES = %w[referrerpolicy loading].freeze
+    MEDIA_ATTRIBUTES = %w[controls].freeze
+    A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
+
+    # Templates
+    INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
+    INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
+
+    # The default referrer policy only sends the origin URL (not the
+    # full URL, only the protocol/scheme and domain part) if the remote
+    # URL is HTTPS.
+    #
+    # @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy}
+    #
+    # The default sandbox restrictions only allow scripts in the context
+    # of the iframe and opening new tabs.
+    #
+    # @see {https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox}
+    DEFAULT_CONFIG = {
+      'scrub' => %w[form input textarea button fieldset select option optgroup canvas area map],
+      'attributes' => {
+        'referrerpolicy' => 'strict-origin-when-cross-origin',
+        'sandbox' => %w[allow-scripts allow-popups],
+        'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
+        'loading' => 'lazy',
+        'controls' => true,
+        'rel' => %w[noopener noreferrer],
+        'target' => '_blank'
+      }
+    }
+
+    class << self
+      def site
+        unless @site
+          raise Jekyll::Errors::InvalidConfigurationError,
+            "Site is missing, configure with `Jekyll::Embed.site = site`"
+        end
+
+        @site
+      end
+
+      # This is an initializer of sorts
+      #
+      # @param [Jekyll::Site]
+      # @return [Jekyll::Site]
+      def site=(site)
+        raise ArgumentError, "Site must be a Jekyll::Site" unless site.is_a? Jekyll::Site
+
+        @site = site
+
+        # Add the _includes dir so we can provide default templates that
+        # can be overriden locally or by the theme.
+        site.includes_load_paths << File.expand_path(File.join(__dir__, '..', '..', '_includes'))
+        # Since we're embedding, we're allowing iframes
+        Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 << 'iframe'
+
+        # Other elements that are disallowed
+        config['scrub']&.each do |scrub|
+          Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2.delete(scrub)
+        end
+
+        payload['embed'] = config['attributes']
+
+        site
+      end
+
+      # Render the URL as HTML
+      #
+      # 1. Try oembed for video and image
+      # 2. If rich oembed, cleanup
+      # 3. If OGP, render templates
+      # 4. Else, render fallback template
+      #
+      # @param [String] URL
+      # @return [String] HTML
+      def embed(url)
+        url.strip!
+
+        # Quick check
+        raise URI::Error unless url.start_with? 'http'
+
+        # Just to verify the URL is valid
+        URI.parse url
+
+        oembed(url) || ogp(url) || fallback(url)
+      rescue URI::Error
+        Jekyll.logger.warn "#{url.inspect} is not a valid URL"
+
+        url
+      end
+
+      # @return [Hash]
+      def config
+        @config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
+      end
+
+      # Try for OEmbed
+      #
+      # @param [String] URL
+      # @return [String,NilClass] Sanitized HTML or nil
+      def oembed(url)
+        cache.getset(url) do
+          oembed = OEmbed::Providers.get url
+
+          # Prevent caching of nil?
+          raise OEmbed::Error unless oembed.respond_to? :html
+
+          # Cleanup.  We don't allow running remote scripts locally,
+          # period.
+          cleanup(Loofah.fragment(oembed.html).scrub!(:prune), url).to_s
+        end
+      rescue OEmbed::Error
+        nil
+      end
+
+      # Try for OGP.
+      # @param [String] URL
+      # @return [String,NilClass]
+      def ogp(url)
+        cache.getset(url) do
+          ogp = OGP::OpenGraph.new get(url).body
+          context = info.dup
+          context[:registers][:page] = payload['page'] = ogp.data
+
+          ogp_template.render! payload, context
+        end
+      rescue OGP::MalformedSourceError, OGP::MissingAttributeError, Faraday::Error
+        nil
+      end
+
+      # Try something
+      def fallback(url)
+        cache.getset(url) do
+          html        = Nokogiri::HTML.fragment get(url).body
+          element     = html.css('article').first
+          element   ||= html.css('section').first
+          element   ||= html.css('main').first
+          element   ||= html.css('body').first
+          title       = html.css('title').first
+          description = html.css('meta[name="description"]').first
+
+          context = info.dup
+          context[:registers][:page] = payload['page'] = {
+            'title' => text(title),
+            'description' => text(description),
+            'url' => url,
+            'image' => element.css('img').first&.public_send(:[], 'src')
+          }
+
+          fallback_template.render! payload, context
+        end
+      rescue Faraday::Error, Nokogiri::SyntaxError
+        nil
+      end
+
+      # @param [String] URL
+      # @return [Faraday::Response]
+      def get(url)
+        @get_cache ||= {}
+        @get_cache[url] ||= http_client.get url
+      end
+
+      # @return [Jekyll::Embed::Cache]
+      def cache
+        @cache ||= Jekyll::Embed::Cache.new('Jekyll::Embed')
+      end
+
+      # @return [Faraday::Connection]
+      def http_client
+        @http_client ||= Faraday.new do |builder|
+          builder.use FaradayMiddleware::FollowRedirects
+          builder.use :http_cache, shared_cache: false, store: cache, serializer: Marshal
+        end
+      end
+
+      def cleanup(html, url)
+        # Add our own attributes
+        html.css('iframe').each do |iframe|
+          IFRAME_ATTRIBUTES.each do |attr|
+            iframe[attr] = value_for_attr(attr)
+          end
+
+          # Embedding itself require allow-same-origin
+          iframe['sandbox'] += allow_same_origin(url)
+        end
+
+        html.css('audio, video').each do |media|
+          MEDIA_ATTRIBUTES.each do |attr|
+            media[attr] = value_for_attr(attr)
+          end
+
+          media['src'] = UrlPrivacy.clean media['src']
+        end
+
+        html.css('img').each do |img|
+          IMAGE_ATTRIBUTES.each do |attr|
+            img[attr] = value_for_attr(attr)
+          end
+        end
+
+        html.css('a').each do |a|
+          A_ATTRIBUTES.each do |attr|
+            a[attr] = value_for_attr(attr)
+          end
+        end
+
+        html.css('[src]').each do |element|
+          element['src'] = CGI.escapeHTML(UrlPrivacy.clean(CGI.unescapeHTML(element['src'])))
+        end
+
+        html.css('[href]').each do |element|
+          element['href'] = CGI.escapeHTML(UrlPrivacy.clean(CGI.unescapeHTML(element['href'])))
+        end
+
+        # Return the cleaned up HTML
+        html
+      end
+
+      def text(node)
+        node&.text&.tr("\n", '')&.tr("\r", '')&.strip&.squeeze(' ')
+      end
+
+      private
+
+      def fallback_template
+        @fallback_template ||= site.liquid_renderer.file('fallback.html').parse(INCLUDE_FALLBACK)
+      end
+
+      def ogp_template
+        @ogp_template ||= site.liquid_renderer.file('ogp.html').parse(INCLUDE_OGP)
+      end
+
+      def info
+        @info ||= {
+          registers: { site: site },
+          strict_filters: site.config.dig('liquid', 'strict_filters'),
+          strict_variables: site.config.dig('liquid', 'strict_variables')
+        }
+      end
+
+      # @param [String]
+      # @return [String]
+      def value_for_attr(attr)
+        @value_for_attr ||= {}
+        @value_for_attr[attr] ||=
+          case (value = config.dig('attributes', attr))
+            when String then value
+            when Array then value.join(' ')
+          end
+      end
+
+      # If the iframe comes from the same site, we can allow the same
+      # origin policy on the sandbox.
+      #
+      # @param [String] URL
+      # @return [String]
+      def allow_same_origin(url)
+        unless site.config['url']
+          Jekyll.logger.warn "Add url to _config.yml to determine if the site can embed itself"
+          return ' allow-same-origin'
+        end
+
+        @allow_same_origin ||= {}
+        @allow_same_origin[url] ||= url.start_with?(site.config['url']) ? '' : ' allow-same-origin'
+      end
+
+      # Caches it because Jekyll::Site#site_payload returns a new object
+      # everytime.
+      #
+      # @return [Jekyll::Drops::UnifiedPayloadDrop]
+      def payload
+        @payload ||= site.site_payload
+      end
+    end
+  end
+end

data/lib/jekyll/embed/cache.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Jekyll
+  class Embed
+    # Jekyll cache that behaves like ActiveSupport::Cache
+    class Cache < Jekyll::Cache
+      def write(key, value)
+        self[key] = value
+      end
+
+      def read(key)
+        self[key]
+      rescue
+        nil
+      end
+    end
+  end
+end

data/lib/jekyll/embed/content.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'cgi'
+
+module Jekyll
+  class Embed
+    class Content
+      URL_RE = /<p[^>]*>[\s\n]*(?<url>https?:\/\/[^<\s\n]+)[\s\n]*<\/p>/m.freeze
+
+      class << self
+        # Find URLs on paragraphs.  We do it after rendering because
+        # sometimes we use HTML instead of pure Markdown and this way we
+        # catch both.
+        def embed!(content)
+          URL_RE.match(content) do |match|
+            embed = Jekyll::Embed.embed CGI.unescapeHTML(match[:url])
+
+            content.sub! URL_RE, embed
+          end
+        end
+      end
+    end
+  end
+end
+
+Jekyll::Hooks.register :posts, :post_convert do |post|
+  Jekyll::Embed::Content.embed! post.content
+end

data/lib/jekyll/embed/filter.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Jekyll
+  class Embed
+    module Filter
+      # This filter takes the URL passed as input an returns its HTML
+      # representation.  Embed takes care of everything else.
+      def embed(url)
+        return url unless url.is_a? String
+
+        Embed.embed url
+      end
+
+      def oembed(url)
+        return url unless url.is_a? String
+
+        Embed.oembed url
+      end
+
+      def ogp(url)
+        return url unless url.is_a? String
+
+        Embed.ogp url
+      end
+
+      def fallback(url)
+        return url unless url.is_a? String
+
+        Embed.fallback url
+      end
+    end
+  end
+end
+
+Liquid::Template.register_filter(Jekyll::Embed::Filter)

data/lib/jekyll/embed/oembed.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'oembed'
+
+module OEmbed
+  module ProviderDecorator
+    def self.included(base)
+      base.class_eval do
+        def http_get(url, _)
+          Jekyll::Embed.get(url.to_s).body
+        rescue Faraday::Error
+          raise OEmbed::UnknownResponse
+        end
+      end
+    end
+  end
+end
+
+OEmbed::Provider.include OEmbed::ProviderDecorator

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jekyll-embed-urls
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - f
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-23 00:00:00.000000000 Z
+date: 2021-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jekyll
@@ -30,14 +30,98 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '0.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '0.15'
+- !ruby/object:Gem::Dependency
+  name: loofah
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+- !ruby/object:Gem::Dependency
+  name: ogp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: faraday-http-cache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: url-privacy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Replaces URLs for their previsualization in Jekyll posts
 email:
 - f@sutty.nl
@@ -51,7 +135,14 @@ files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
+- _includes/fallback.html
+- _includes/ogp.html
 - lib/jekyll-embed-urls.rb
+- lib/jekyll/embed.rb
+- lib/jekyll/embed/cache.rb
+- lib/jekyll/embed/content.rb
+- lib/jekyll/embed/filter.rb
+- lib/jekyll/embed/oembed.rb
 homepage: https://0xacab.org/sutty/jekyll/jekyll-embed-urls
 licenses:
 - GPL-3.0
@@ -74,16 +165,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Embed URL previsualization in Jekyll posts