jekyll-embed-urls 0.4.2 → 0.4.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +13 -4
- data/_includes/ogp.html +1 -1
- data/lib/jekyll/embed.rb +8 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 938576c9cdee4a9b13de0e7d2d17983db2704f7882352d5a88010c66c8ddb122
|
4
|
+
data.tar.gz: e34c7de8e8d9b4b36d3b995888015362fd1a561db17cd3b4304bca252f12168c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3c4cb82fb1f9accb6250dbe4b0460cde02867b7bf4b1befb93d2ca8c2f1c4bdb7204c9ceb30847bea1b1f7283be4d72f33137fcbc01c08bfce2ae93cda593cb7
|
7
|
+
data.tar.gz: 0e9f02488eb339c43c33c7a90f0192af3c2e069f038b2b399f6eba991423853589277e88369c0d920e03003957e2d26f3106b487db8b0b300e414abf02394625
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -54,10 +54,10 @@ embed:
|
|
54
54
|
- allow-scripts
|
55
55
|
- allow-popups
|
56
56
|
allow:
|
57
|
-
- fullscreen
|
58
|
-
- gyroscope
|
59
|
-
- picture-in-picture
|
60
|
-
- clipboard-write
|
57
|
+
- fullscreen;
|
58
|
+
- gyroscope;
|
59
|
+
- picture-in-picture;
|
60
|
+
- clipboard-write;
|
61
61
|
loading: 'lazy'
|
62
62
|
controls: true
|
63
63
|
rel:
|
@@ -162,6 +162,15 @@ Anti-tracking techniques implemented are:
|
|
162
162
|
If you find more useful techniques, please [open an issue
|
163
163
|
report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
|
164
164
|
|
165
|
+
## Feature policy
|
166
|
+
|
167
|
+
[Feature
|
168
|
+
policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
|
169
|
+
is a list of directives for allowing or denying features.
|
170
|
+
|
171
|
+
The directives are separated by semicolons. Any directive not mentioned
|
172
|
+
in the configuration is assumed to have a "none" policy by this plugin.
|
173
|
+
|
165
174
|
## Contributing
|
166
175
|
|
167
176
|
Bug reports and pull requests are welcome on 0xacab.org at
|
data/_includes/ogp.html
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
{%- if page.video -%}
|
3
3
|
<video poster="{{ page.image }}" class="img-fluid" {{ embed.controls }} src="{{ page.video }}"/>
|
4
4
|
{%- elsif page.image -%}
|
5
|
-
<img referrerpolicy="{{ embed.referrerpolicy
|
5
|
+
<img referrerpolicy="{{ embed.referrerpolicy }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
|
6
6
|
{%- endif -%}
|
7
7
|
|
8
8
|
{%- if page.audio -%}
|
data/lib/jekyll/embed.rb
CHANGED
@@ -55,6 +55,10 @@ module Jekyll
|
|
55
55
|
MEDIA_ATTRIBUTES = %w[controls].freeze
|
56
56
|
A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
|
57
57
|
|
58
|
+
# Directive from Feature Policy
|
59
|
+
# @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives}
|
60
|
+
DIRECTIVES = %w[accelerometer ambient-light-sensor autoplay battery camera display-capture document-domain encrypted-media execution-while-not-rendered execution-while-out-of-viewport fullscreen gamepad geolocation gyroscope layout-animations legacy-image-formats magnetometer microphone midi navigation-override oversized-images payment picture-in-picture publickey-credentials-get speaker-selection sync-xhr usb screen-wake-lock web-share xr-spatial-tracking].freeze
|
61
|
+
|
58
62
|
# Templates
|
59
63
|
INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
|
60
64
|
INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
|
@@ -74,7 +78,7 @@ module Jekyll
|
|
74
78
|
'attributes' => {
|
75
79
|
'referrerpolicy' => 'strict-origin-when-cross-origin',
|
76
80
|
'sandbox' => %w[allow-scripts allow-popups],
|
77
|
-
'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
|
81
|
+
'allow' => %w[fullscreen; gyroscope; picture-in-picture; clipboard-write;],
|
78
82
|
'loading' => 'lazy',
|
79
83
|
'controls' => true,
|
80
84
|
'rel' => %w[noopener noreferrer],
|
@@ -144,7 +148,9 @@ module Jekyll
|
|
144
148
|
|
145
149
|
# @return [Hash]
|
146
150
|
def config
|
147
|
-
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
|
151
|
+
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {})).tap do |c|
|
152
|
+
c['attributes']['allow'].concat (DIRECTIVES - c.dig('attributes', 'allow').join.split(';').map { |s| s.split(' ').first }).join(" 'none';|").split('|')
|
153
|
+
end
|
148
154
|
end
|
149
155
|
|
150
156
|
# Try for OEmbed
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jekyll-embed-urls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- f
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-09-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jekyll
|