jekyll-embed-urls 0.4.0 → 0.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +13 -4
- data/lib/jekyll/embed.rb +9 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a414c302d33fdb35c35e420ae07e6fc5c8f90e2fba9b4ba2e8b2961fbd94a8f4
|
|
4
|
+
data.tar.gz: bf0d28a49c111e48d7f02d6ddc9fc258356b0e1dc3409870bb75206549cab968
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9df2638f34fcbcee2a9ace50686fff8e22dff2c7168ca60673634032a97cf65fdb4b1e902e517aa81e5c1ffdc95e8a5f8eb4c53e3d160f6f872615b6b94cb7e6
|
|
7
|
+
data.tar.gz: eb64bf3fc323c3ec0159de2314aa8165c90a79ed95a21ecf497d8ec7aa2b79f4db3cf4e11c8386f0cf8a38c698e94af2c42b32440c656b044dbf216d780468b2
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -54,10 +54,10 @@ embed:
|
|
|
54
54
|
- allow-scripts
|
|
55
55
|
- allow-popups
|
|
56
56
|
allow:
|
|
57
|
-
- fullscreen
|
|
58
|
-
- gyroscope
|
|
59
|
-
- picture-in-picture
|
|
60
|
-
- clipboard-write
|
|
57
|
+
- fullscreen;
|
|
58
|
+
- gyroscope;
|
|
59
|
+
- picture-in-picture;
|
|
60
|
+
- clipboard-write;
|
|
61
61
|
loading: 'lazy'
|
|
62
62
|
controls: true
|
|
63
63
|
rel:
|
|
@@ -162,6 +162,15 @@ Anti-tracking techniques implemented are:
|
|
|
162
162
|
If you find more useful techniques, please [open an issue
|
|
163
163
|
report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
|
|
164
164
|
|
|
165
|
+
## Feature policy
|
|
166
|
+
|
|
167
|
+
[Feature
|
|
168
|
+
policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
|
|
169
|
+
is a list of directives for allowing or denying features.
|
|
170
|
+
|
|
171
|
+
The directives are separated by semicolons. Any directive not mentioned
|
|
172
|
+
in the configuration is assumed to have a "none" policy by this plugin.
|
|
173
|
+
|
|
165
174
|
## Contributing
|
|
166
175
|
|
|
167
176
|
Bug reports and pull requests are welcome on 0xacab.org at
|
data/lib/jekyll/embed.rb
CHANGED
|
@@ -55,6 +55,10 @@ module Jekyll
|
|
|
55
55
|
MEDIA_ATTRIBUTES = %w[controls].freeze
|
|
56
56
|
A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
|
|
57
57
|
|
|
58
|
+
# Directive from Feature Policy
|
|
59
|
+
# @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives}
|
|
60
|
+
DIRECTIVES = %w[accelerometer ambient-light-sensor autoplay battery camera display-capture document-domain encrypted-media execution-while-not-rendered execution-while-out-of-viewport fullscreen gamepad geolocation gyroscope layout-animations legacy-image-formats magnetometer microphone midi navigation-override oversized-images payment picture-in-picture publickey-credentials-get speaker-selection sync-xhr usb screen-wake-lock web-share xr-spatial-tracking].freeze
|
|
61
|
+
|
|
58
62
|
# Templates
|
|
59
63
|
INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
|
|
60
64
|
INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
|
|
@@ -74,7 +78,7 @@ module Jekyll
|
|
|
74
78
|
'attributes' => {
|
|
75
79
|
'referrerpolicy' => 'strict-origin-when-cross-origin',
|
|
76
80
|
'sandbox' => %w[allow-scripts allow-popups],
|
|
77
|
-
'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
|
|
81
|
+
'allow' => %w[fullscreen; gyroscope; picture-in-picture; clipboard-write;],
|
|
78
82
|
'loading' => 'lazy',
|
|
79
83
|
'controls' => true,
|
|
80
84
|
'rel' => %w[noopener noreferrer],
|
|
@@ -144,7 +148,9 @@ module Jekyll
|
|
|
144
148
|
|
|
145
149
|
# @return [Hash]
|
|
146
150
|
def config
|
|
147
|
-
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
|
|
151
|
+
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {})).tap do |c|
|
|
152
|
+
c['attributes']['allow'].concat (DIRECTIVES - c.dig('attributes', 'allow').join.split(';').map { |s| s.split(' ').first }).join(" 'none';|").split('|')
|
|
153
|
+
end
|
|
148
154
|
end
|
|
149
155
|
|
|
150
156
|
# Try for OEmbed
|
|
@@ -197,7 +203,7 @@ module Jekyll
|
|
|
197
203
|
'title' => text(title),
|
|
198
204
|
'description' => text(description),
|
|
199
205
|
'url' => url,
|
|
200
|
-
'image' => element
|
|
206
|
+
'image' => element&.css('img')&.first&.public_send(:[], 'src')
|
|
201
207
|
}
|
|
202
208
|
|
|
203
209
|
fallback_template.render! payload, context
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jekyll-embed-urls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- f
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jekyll
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 0.16.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 0.16.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: loofah
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|