jekyll-embed-urls 0.4.2 → 0.4.5

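--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c795f9b16237feeed30d70baee2b6146a51f056929924a295e5b0a1e293e24a0
- data.tar.gz: f5824e1b91c6a060306b9d93f258decbf57d9f825dcdfb2592bd2e30581d9638
+ metadata.gz: ec91f328eea6a0559fa41ffbfec9bccd3e3a19662369c36331cfaa8d6dc8d4fc
+ data.tar.gz: 47b8560d986e6083de1538ab0a372756705579af46d8b4d725051f2f52ad15f9
  SHA512:
- metadata.gz: 83e610b927d530ea2e27b984517deb2046a2589320d2f79479581977ae340988492e4cc91717af7c15638347653c89759d578202a98b60a1887278f97029dfde
- data.tar.gz: 5b24859efeb21b55efa2c2b686cdb7b44ef3a810f8e1fbcfe6530a155fdb36abeb57fadcd55cd7941ce16f45f65dee9977b60d246b24c0303ae2341ab83e8bea
+ metadata.gz: 5cb5c650b7e79ec5ff0ea074acdbf2334dce4f310a1cc670613f31313dce81368a8a216d468bd73762fab08a13ccfe34d5f5d6887602d8fcc80f07dba5e8c120
+ data.tar.gz: f3b16a6d48a274cdd83fa710d5e0e7cec88bd281bd578dba5dd7bccba3d509f9d3a7ecb124f058c73e11687ea273d56c4194599ad552cdf35e4aac3c1b033420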
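--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,17 @@
  # Changelog
 
+ ## v0.4.3
+
+ * Correctly use Feature Policy
+
+ ## v0.4.2
+
+ * Fix on v0.4.1
+
+ ## v0.4.1
+
+ * Don't fail if remote URL returns an empty body
+
  ## v0.4.0
 
  * Almost a complete rewrite.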
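--- a/data/README.md
+++ b/data/README.md
@@ -54,10 +54,10 @@ embed:
  - allow-scripts
  - allow-popups
  allow:
- - fullscreen
- - gyroscope
- - picture-in-picture
- - clipboard-write
+ - fullscreen;
+ - gyroscope;
+ - picture-in-picture;
+ - clipboard-write;
  loading: 'lazy'
  controls: true
  rel:
@@ -162,6 +162,15 @@ Anti-tracking techniques implemented are:
  If you find more useful techniques, please [open an issue
  report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
 
+ ## Feature policy
+
+ [Feature
+ policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
+ is a list of directives for allowing or denying features.
+
+ The directives are separated by semicolons. Any directive not mentioned
+ in the configuration is assumed to have a "none" policy by this plugin.
+
  ## Contributing
 
  Bug reports and pull requests are welcome on 0xacab.org at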
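--- a/data/_includes/ogp.html
+++ b/data/_includes/ogp.html
@@ -2,7 +2,7 @@
  {%- if page.video -%}
  <video poster="{{ page.image }}" class="img-fluid" {{ embed.controls }} src="{{ page.video }}"/>
  {%- elsif page.image -%}
- <img referrerpolicy="{{ embed.referrerpolicy | join: ' ' }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
+ <img referrerpolicy="{{ embed.referrerpolicy }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
  {%- endif -%}
 
  {%- if page.audio -%}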
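Review bot: `src="{{ page.image }}"` on the new `<img>` line (and `poster`/`src` on the `<video>` line above it) interpolates the value into an attribute without an escaping filter. If `page.image` and `page.video` are filled from the remote page's OpenGraph metadata, as the file name suggests, a value containing a double quote could close the attribute before any later scrubbing sees it. Applying Liquid's `escape` filter keeps the value inside the attribute: `src="{{ page.image | escape }}"`. The template continues outside the hunk, so the audio branch likely needs the same treatment.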
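--- a/data/lib/jekyll/embed.rb
+++ b/data/lib/jekyll/embed.rb
@@ -55,6 +55,10 @@ module Jekyll
  MEDIA_ATTRIBUTES = %w[controls].freeze
  A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
 
+ # Directive from Feature Policy
+ # @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives}
+ DIRECTIVES = %w[accelerometer ambient-light-sensor autoplay battery camera display-capture document-domain encrypted-media execution-while-not-rendered execution-while-out-of-viewport fullscreen gamepad geolocation gyroscope layout-animations legacy-image-formats magnetometer microphone midi navigation-override oversized-images payment picture-in-picture publickey-credentials-get speaker-selection sync-xhr usb screen-wake-lock web-share xr-spatial-tracking].freeze
+
  # Templates
  INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
  INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
@@ -74,7 +78,7 @@ module Jekyll
  'attributes' => {
  'referrerpolicy' => 'strict-origin-when-cross-origin',
  'sandbox' => %w[allow-scripts allow-popups],
- 'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
+ 'allow' => %w[fullscreen; gyroscope; picture-in-picture; clipboard-write;],
  'loading' => 'lazy',
  'controls' => true,
  'rel' => %w[noopener noreferrer],
@@ -103,10 +107,13 @@ module Jekyll
 
  # Add the _includes dir so we can provide default templates that
  # can be overriden locally or by the theme.
- site.includes_load_paths << File.expand_path(File.join(__dir__, '..', '..', '_includes'))
+ includes_dir = File.expand_path(File.join(__dir__, '..', '..', '_includes'))
+ site.includes_load_paths << includes_dir unless site.includes_load_paths.include? includes_dir
  # Since we're embedding, we're allowing iframes
  Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 << 'iframe'
 
+ reset
+
  # Other elements that are disallowed
  config['scrub']&.each do |scrub|
  Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2.delete(scrub)
@@ -117,6 +124,23 @@ module Jekyll
  site
  end
 
+ # Reset variables
+ #
+ # @return [nil]
+ def reset
+ @allow_same_origin =
+ @cache =
+ @config =
+ @fallback_template =
+ @get_cache =
+ @http_client =
+ @info =
+ @ogp_template =
+ @payload =
+ @value_for_attr =
+ nil
+ end
+
  # Render the URL as HTML
  #
  # 1. Try oembed for video and image
@@ -144,7 +168,9 @@ module Jekyll
 
  # @return [Hash]
  def config
- @config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
+ @config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {})).tap do |c|
+ c['attributes']['allow'].concat (DIRECTIVES - c.dig('attributes', 'allow').join.split(';').map { |s| s.split(' ').first }).join(" 'none';|").split('|')
+ end
  end
 
  # Try for OEmbed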
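Review bot: In `config`, `.join(" 'none';|").split('|')` leaves the last undeclared directive without its `'none'` allowlist, because `join` only writes the separator between elements; with the default list that entry is `xr-spatial-tracking`, emitted as a bare feature name. Assuming this array is later rendered into the iframe's `allow` attribute, a bare name defaults to the `src` origin, so the feature is granted to the embedded site rather than denied as the README describes. Building each entry directly avoids the gap: `(DIRECTIVES - declared).map { |d| "#{d} 'none';" }`. On the same line, `join.split(';')` fuses entries written without a trailing semicolon (the format the README showed before this change) into one unknown name, so every real directive then gets `'none'` appended after the bare one. `concat` also appends in place to an array that may still be the one held by `DEFAULT_CONFIG`, which is defined outside the hunk; assigning a new array would be safer.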
@@ -4,6 +4,6 @@ require_relative 'jekyll/embed'
4
4
  require_relative 'jekyll/embed/filter'
5
5
 
6
6
  # Configure Embed
7
- Jekyll::Hooks.register :site, :after_init do |site|
7
+ Jekyll::Hooks.register :site, :after_reset do |site|
8
8
  Jekyll::Embed.site = site
9
9
  end
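--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: jekyll-embed-urls
  version: !ruby/object:Gem::Version
- version: 0.4.2
+ version: 0.4.5
  platform: ruby
  authors:
  - f
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-06-09 00:00:00.000000000 Z
+ date: 2022-02-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jekyll
@@ -30,14 +30,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.15'
+ version: 0.16.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.15'
+ version: 0.16.0
  - !ruby/object:Gem::Dependency
  name: loofah
  requirement: !ruby/object:Gem::Requirement
@@ -174,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: Embed URL previsualization in Jekyll posts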