jekyll-embed-urls 0.4.0 → 0.4.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/README.md +13 -4
  4. data/lib/jekyll/embed.rb +9 -3
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 30c09af02fb3b49b49ffae328a7c474377badc49f4a7d10e37c5077411b93e55
4
- data.tar.gz: c66c5bf04fad8b11c7df5bef04e01a912a70a0b371dbb93cf14107bfb9de39c5
3
+ metadata.gz: a414c302d33fdb35c35e420ae07e6fc5c8f90e2fba9b4ba2e8b2961fbd94a8f4
4
+ data.tar.gz: bf0d28a49c111e48d7f02d6ddc9fc258356b0e1dc3409870bb75206549cab968
5
5
  SHA512:
6
- metadata.gz: d4a9316874d7dfd7da173144c7eb608697b06432a5c10f2e9fa4d79ec61474a5bfc4d90ce214316a2659ee5a80147bfeee4d39851e6c88c18b0a9def4e6bd9f1
7
- data.tar.gz: 20964fff6fcdaac00ceb536fbfd858e07984ed2f00e7eb59a5537a72a090700844de9133085e9509416de0386f18ac4620015f11be7979c6e347c44126153f30
6
+ metadata.gz: 9df2638f34fcbcee2a9ace50686fff8e22dff2c7168ca60673634032a97cf65fdb4b1e902e517aa81e5c1ffdc95e8a5f8eb4c53e3d160f6f872615b6b94cb7e6
7
+ data.tar.gz: eb64bf3fc323c3ec0159de2314aa8165c90a79ed95a21ecf497d8ec7aa2b79f4db3cf4e11c8386f0cf8a38c698e94af2c42b32440c656b044dbf216d780468b2
data/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # Changelog
2
2
 
3
+ ## v0.4.3
4
+
5
+ * Correctly use Feature Policy
6
+
7
+ ## v0.4.2
8
+
9
+ * Fix on v0.4.1
10
+
11
+ ## v0.4.1
12
+
13
+ * Don't fail if remote URL returns an empty body
14
+
3
15
  ## v0.4.0
4
16
 
5
17
  * Almost a complete rewrite.
data/README.md CHANGED
@@ -54,10 +54,10 @@ embed:
54
54
  - allow-scripts
55
55
  - allow-popups
56
56
  allow:
57
- - fullscreen
58
- - gyroscope
59
- - picture-in-picture
60
- - clipboard-write
57
+ - fullscreen;
58
+ - gyroscope;
59
+ - picture-in-picture;
60
+ - clipboard-write;
61
61
  loading: 'lazy'
62
62
  controls: true
63
63
  rel:
@@ -162,6 +162,15 @@ Anti-tracking techniques implemented are:
162
162
  If you find more useful techniques, please [open an issue
163
163
  report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
164
164
 
165
+ ## Feature policy
166
+
167
+ [Feature
168
+ policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
169
+ is a list of directives for allowing or denying features.
170
+
171
+ The directives are separated by semicolons. Any directive not mentioned
172
+ in the configuration is assumed to have a "none" policy by this plugin.
173
+
165
174
  ## Contributing
166
175
 
167
176
  Bug reports and pull requests are welcome on 0xacab.org at
data/lib/jekyll/embed.rb CHANGED
@@ -55,6 +55,10 @@ module Jekyll
55
55
  MEDIA_ATTRIBUTES = %w[controls].freeze
56
56
  A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
57
57
 
58
+ # Directive from Feature Policy
59
+ # @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives}
60
+ DIRECTIVES = %w[accelerometer ambient-light-sensor autoplay battery camera display-capture document-domain encrypted-media execution-while-not-rendered execution-while-out-of-viewport fullscreen gamepad geolocation gyroscope layout-animations legacy-image-formats magnetometer microphone midi navigation-override oversized-images payment picture-in-picture publickey-credentials-get speaker-selection sync-xhr usb screen-wake-lock web-share xr-spatial-tracking].freeze
61
+
58
62
  # Templates
59
63
  INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
60
64
  INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
@@ -74,7 +78,7 @@ module Jekyll
74
78
  'attributes' => {
75
79
  'referrerpolicy' => 'strict-origin-when-cross-origin',
76
80
  'sandbox' => %w[allow-scripts allow-popups],
77
- 'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
81
+ 'allow' => %w[fullscreen; gyroscope; picture-in-picture; clipboard-write;],
78
82
  'loading' => 'lazy',
79
83
  'controls' => true,
80
84
  'rel' => %w[noopener noreferrer],
@@ -144,7 +148,9 @@ module Jekyll
144
148
 
145
149
  # @return [Hash]
146
150
  def config
147
- @config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
151
+ @config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {})).tap do |c|
152
+ c['attributes']['allow'].concat (DIRECTIVES - c.dig('attributes', 'allow').join.split(';').map { |s| s.split(' ').first }).join(" 'none';|").split('|')
153
+ end
148
154
  end
149
155
 
150
156
  # Try for OEmbed
@@ -197,7 +203,7 @@ module Jekyll
197
203
  'title' => text(title),
198
204
  'description' => text(description),
199
205
  'url' => url,
200
- 'image' => element.css('img').first&.public_send(:[], 'src')
206
+ 'image' => element&.css('img')&.first&.public_send(:[], 'src')
201
207
  }
202
208
 
203
209
  fallback_template.render! payload, context
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jekyll-embed-urls
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - f
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-01 00:00:00.000000000 Z
11
+ date: 2022-01-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jekyll
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.15'
33
+ version: 0.16.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.15'
40
+ version: 0.16.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: loofah
43
43
  requirement: !ruby/object:Gem::Requirement