jekyll-embed-urls 0.4.2 → 0.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +13 -4
- data/_includes/ogp.html +1 -1
- data/lib/jekyll/embed.rb +29 -3
- data/lib/jekyll-embed-urls.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ec91f328eea6a0559fa41ffbfec9bccd3e3a19662369c36331cfaa8d6dc8d4fc
|
4
|
+
data.tar.gz: 47b8560d986e6083de1538ab0a372756705579af46d8b4d725051f2f52ad15f9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5cb5c650b7e79ec5ff0ea074acdbf2334dce4f310a1cc670613f31313dce81368a8a216d468bd73762fab08a13ccfe34d5f5d6887602d8fcc80f07dba5e8c120
|
7
|
+
data.tar.gz: f3b16a6d48a274cdd83fa710d5e0e7cec88bd281bd578dba5dd7bccba3d509f9d3a7ecb124f058c73e11687ea273d56c4194599ad552cdf35e4aac3c1b033420
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -54,10 +54,10 @@ embed:
|
|
54
54
|
- allow-scripts
|
55
55
|
- allow-popups
|
56
56
|
allow:
|
57
|
-
- fullscreen
|
58
|
-
- gyroscope
|
59
|
-
- picture-in-picture
|
60
|
-
- clipboard-write
|
57
|
+
- fullscreen;
|
58
|
+
- gyroscope;
|
59
|
+
- picture-in-picture;
|
60
|
+
- clipboard-write;
|
61
61
|
loading: 'lazy'
|
62
62
|
controls: true
|
63
63
|
rel:
|
@@ -162,6 +162,15 @@ Anti-tracking techniques implemented are:
|
|
162
162
|
If you find more useful techniques, please [open an issue
|
163
163
|
report](https://0xacab.org/sutty/jekyll/jekyll-embed-urls/-/issues).
|
164
164
|
|
165
|
+
## Feature policy
|
166
|
+
|
167
|
+
[Feature
|
168
|
+
policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
|
169
|
+
is a list of directives for allowing or denying features.
|
170
|
+
|
171
|
+
The directives are separated by semicolons. Any directive not mentioned
|
172
|
+
in the configuration is assumed to have a "none" policy by this plugin.
|
173
|
+
|
165
174
|
## Contributing
|
166
175
|
|
167
176
|
Bug reports and pull requests are welcome on 0xacab.org at
|
data/_includes/ogp.html
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
{%- if page.video -%}
|
3
3
|
<video poster="{{ page.image }}" class="img-fluid" {{ embed.controls }} src="{{ page.video }}"/>
|
4
4
|
{%- elsif page.image -%}
|
5
|
-
<img referrerpolicy="{{ embed.referrerpolicy
|
5
|
+
<img referrerpolicy="{{ embed.referrerpolicy }}" loading="{{ embed.loading }}" src="{{ page.image }}" class="img-fluid" />
|
6
6
|
{%- endif -%}
|
7
7
|
|
8
8
|
{%- if page.audio -%}
|
data/lib/jekyll/embed.rb
CHANGED
@@ -55,6 +55,10 @@ module Jekyll
|
|
55
55
|
MEDIA_ATTRIBUTES = %w[controls].freeze
|
56
56
|
A_ATTRIBUTES = %w[referrerpolicy rel target].freeze
|
57
57
|
|
58
|
+
# Directive from Feature Policy
|
59
|
+
# @see {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives}
|
60
|
+
DIRECTIVES = %w[accelerometer ambient-light-sensor autoplay battery camera display-capture document-domain encrypted-media execution-while-not-rendered execution-while-out-of-viewport fullscreen gamepad geolocation gyroscope layout-animations legacy-image-formats magnetometer microphone midi navigation-override oversized-images payment picture-in-picture publickey-credentials-get speaker-selection sync-xhr usb screen-wake-lock web-share xr-spatial-tracking].freeze
|
61
|
+
|
58
62
|
# Templates
|
59
63
|
INCLUDE_OGP = '{% include ogp.html site=site page=page %}'
|
60
64
|
INCLUDE_FALLBACK = '{% include fallback.html site=site page=page %}'
|
@@ -74,7 +78,7 @@ module Jekyll
|
|
74
78
|
'attributes' => {
|
75
79
|
'referrerpolicy' => 'strict-origin-when-cross-origin',
|
76
80
|
'sandbox' => %w[allow-scripts allow-popups],
|
77
|
-
'allow' => %w[fullscreen gyroscope picture-in-picture clipboard-write],
|
81
|
+
'allow' => %w[fullscreen; gyroscope; picture-in-picture; clipboard-write;],
|
78
82
|
'loading' => 'lazy',
|
79
83
|
'controls' => true,
|
80
84
|
'rel' => %w[noopener noreferrer],
|
@@ -103,10 +107,13 @@ module Jekyll
|
|
103
107
|
|
104
108
|
# Add the _includes dir so we can provide default templates that
|
105
109
|
# can be overriden locally or by the theme.
|
106
|
-
|
110
|
+
includes_dir = File.expand_path(File.join(__dir__, '..', '..', '_includes'))
|
111
|
+
site.includes_load_paths << includes_dir unless site.includes_load_paths.include? includes_dir
|
107
112
|
# Since we're embedding, we're allowing iframes
|
108
113
|
Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 << 'iframe'
|
109
114
|
|
115
|
+
reset
|
116
|
+
|
110
117
|
# Other elements that are disallowed
|
111
118
|
config['scrub']&.each do |scrub|
|
112
119
|
Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2.delete(scrub)
|
@@ -117,6 +124,23 @@ module Jekyll
|
|
117
124
|
site
|
118
125
|
end
|
119
126
|
|
127
|
+
# Reset variables
|
128
|
+
#
|
129
|
+
# @return [nil]
|
130
|
+
def reset
|
131
|
+
@allow_same_origin =
|
132
|
+
@cache =
|
133
|
+
@config =
|
134
|
+
@fallback_template =
|
135
|
+
@get_cache =
|
136
|
+
@http_client =
|
137
|
+
@info =
|
138
|
+
@ogp_template =
|
139
|
+
@payload =
|
140
|
+
@value_for_attr =
|
141
|
+
nil
|
142
|
+
end
|
143
|
+
|
120
144
|
# Render the URL as HTML
|
121
145
|
#
|
122
146
|
# 1. Try oembed for video and image
|
@@ -144,7 +168,9 @@ module Jekyll
|
|
144
168
|
|
145
169
|
# @return [Hash]
|
146
170
|
def config
|
147
|
-
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {}))
|
171
|
+
@config ||= Jekyll::Utils.deep_merge_hashes(DEFAULT_CONFIG, (site.config['embed'] || {})).tap do |c|
|
172
|
+
c['attributes']['allow'].concat (DIRECTIVES - c.dig('attributes', 'allow').join.split(';').map { |s| s.split(' ').first }).join(" 'none';|").split('|')
|
173
|
+
end
|
148
174
|
end
|
149
175
|
|
150
176
|
# Try for OEmbed
|
data/lib/jekyll-embed-urls.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jekyll-embed-urls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- f
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jekyll
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 0.16.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 0.16.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: loofah
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -174,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
174
174
|
- !ruby/object:Gem::Version
|
175
175
|
version: '0'
|
176
176
|
requirements: []
|
177
|
-
rubygems_version: 3.1.
|
177
|
+
rubygems_version: 3.1.6
|
178
178
|
signing_key:
|
179
179
|
specification_version: 4
|
180
180
|
summary: Embed URL previsualization in Jekyll posts
|