jekyll-embed-urls 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +3 -0
- data/lib/jekyll-embed-urls.rb +56 -28
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '00388f250c4eb3227080c3dfb580b6a436c0fb1e58c877b650f4bd4f279b27e9'
|
|
4
|
+
data.tar.gz: 1ae33d07ca3576dc0421f657f503884be86e809c6489e8a005fd9f9e3eff6f93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f034c24e5376036b2e1c38e174d2a46a1c909b3e834d5841cbacbed33bae5fd5898e8d0501dc5d14a4d25cad728937d72d111fad20d2eee1486e0d777516ee32
|
|
7
|
+
data.tar.gz: 79583d31b31cc5d2d7de674091045b8c466d0e95cd2356a94393a3c24c1f23cc1e27172565cc535b8c35dc4aa66936699cf201e768be7572b2eef97e5c9d8f9a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## v0.3.0
|
|
4
|
+
|
|
5
|
+
* Reuse the iframe and sandbox it if the embed code contains one
|
|
6
|
+
|
|
7
|
+
* Use a Referrer-Policy
|
|
8
|
+
|
|
9
|
+
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
|
10
|
+
|
|
11
|
+
https://web.dev/referrer-best-practices/
|
|
12
|
+
|
|
3
13
|
## v0.2.0
|
|
4
14
|
|
|
5
15
|
* Use a sandboxed iframe
|
data/README.md
CHANGED
|
@@ -58,6 +58,9 @@ intended to be a safe, welcoming space for collaboration, and
|
|
|
58
58
|
contributors are expected to adhere to the [Sutty code of
|
|
59
59
|
conduct](https://sutty.nl/en/code-of-conduct/).
|
|
60
60
|
|
|
61
|
+
If you like our plugins, [please consider
|
|
62
|
+
donating](https://donaciones.sutty.nl/en/)!
|
|
63
|
+
|
|
61
64
|
## License
|
|
62
65
|
|
|
63
66
|
The gem is available as free software under the terms of the GPL3
|
data/lib/jekyll-embed-urls.rb
CHANGED
|
@@ -1,60 +1,88 @@
|
|
|
1
1
|
require 'oembed'
|
|
2
2
|
require 'cgi'
|
|
3
|
+
require 'oga'
|
|
3
4
|
|
|
5
|
+
# TODO: We tested several of the mainstream embedable contents (YT, IG,
|
|
6
|
+
# Twitter) and specially IG and Twitter just want to take over the page
|
|
7
|
+
# to set their own size, also send metrics. So they won't work on a
|
|
8
|
+
# sandboxed iframe, which we were expecting, but they also won't be
|
|
9
|
+
# comfortable for visitors to use. We're planning on using OGP and
|
|
10
|
+
# render our own partials (configurable) for this. This way everything
|
|
11
|
+
# is safer and the embedded content even adapts to the site's design.
|
|
12
|
+
#
|
|
13
|
+
# So, expect a major refactoring!
|
|
14
|
+
|
|
15
|
+
OEmbed::Providers.register_all
|
|
16
|
+
OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery,
|
|
17
|
+
OEmbed::Providers::Noembed)
|
|
4
18
|
|
|
5
19
|
# Process the content of documents before rendering them to find URLs in
|
|
6
20
|
# a block.
|
|
7
21
|
Jekyll::Hooks.register :site, :pre_render do |site|
|
|
8
22
|
# Cache results
|
|
9
23
|
cache ||= Jekyll::Cache.new('Jekyll::OEmbed::Urls')
|
|
24
|
+
# TODO: Make configurable
|
|
25
|
+
referrer_policy = 'strict-origin-when-cross-origin'
|
|
10
26
|
|
|
11
27
|
# Only modify documents to be written
|
|
12
28
|
site.docs_to_write.each do |doc|
|
|
13
29
|
# Skip text paragraphs
|
|
14
|
-
|
|
30
|
+
# XXX: Find link in first line
|
|
31
|
+
next unless %r{\n\n\s*<?https?://} =~ doc.content
|
|
15
32
|
|
|
16
33
|
# Split texts by markdown blocks
|
|
17
34
|
doc.content = doc.content.split("\n\n").map do |p|
|
|
18
35
|
# Only process lines with URLs
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
36
|
+
next p unless %r{\A\s*<?https?://} =~ p
|
|
37
|
+
# Remove empty characters and markdown autolinks
|
|
38
|
+
p = p.strip.tr('<', '').tr('>', '')
|
|
39
|
+
|
|
40
|
+
# @see {https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox}
|
|
41
|
+
same_origin = p.start_with? site.config['url']
|
|
42
|
+
|
|
43
|
+
Jekyll.logger.debug "Finding OEmbed content for #{p}"
|
|
44
|
+
# Cache the results
|
|
45
|
+
cache.getset(p) do
|
|
46
|
+
Jekyll.logger.debug "=> Not cached, obtaining..."
|
|
47
|
+
|
|
48
|
+
result = OEmbed::Providers.get(p)
|
|
49
|
+
sandbox = "allow-scripts #{same_origin ? '' : 'allow-same-origin'}"
|
|
22
50
|
|
|
23
|
-
#
|
|
24
|
-
|
|
51
|
+
# If the embed HTML contains an iframe, make sure it has the
|
|
52
|
+
# correct attributes.
|
|
53
|
+
if %r{<iframe } =~ result.html
|
|
54
|
+
html = Oga.parse_html result.html
|
|
25
55
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
56
|
+
html.css('iframe').each do |iframe|
|
|
57
|
+
iframe.attributes.delete_if do |attr|
|
|
58
|
+
%w[width height].include? attr.name
|
|
59
|
+
end
|
|
30
60
|
|
|
31
|
-
|
|
61
|
+
iframe.attributes << Oga::XML::Attribute.new(name: 'sandbox', value: sandbox)
|
|
62
|
+
iframe.attributes << Oga::XML::Attribute.new(name: 'referrerpolicy', value: referrer_policy)
|
|
63
|
+
end
|
|
32
64
|
|
|
65
|
+
html.to_xml
|
|
66
|
+
else
|
|
33
67
|
# Return a sandboxed iframe with the size of the HTML. We
|
|
34
68
|
# only allow scripts to run inside the iframe and nothing
|
|
35
69
|
# else.
|
|
36
70
|
<<~IFRAME
|
|
37
71
|
<iframe
|
|
38
|
-
referrerpolicy="
|
|
39
|
-
sandbox="
|
|
72
|
+
referrerpolicy="#{referrer_policy}"
|
|
73
|
+
sandbox="#{sandbox}"
|
|
40
74
|
style="min-width:#{result.width}px;min-height:#{result.height || 0}px"
|
|
41
|
-
srcdoc="#{CGI.escape_html result.html}"
|
|
42
|
-
></iframe>
|
|
75
|
+
srcdoc="#{CGI.escape_html result.html}"></iframe>
|
|
43
76
|
IFRAME
|
|
44
|
-
|
|
45
|
-
result.html
|
|
46
|
-
rescue OEmbed::NotFound => e
|
|
47
|
-
# If the URL doesn't support OEmbed just return an external
|
|
48
|
-
# link.
|
|
49
|
-
#
|
|
50
|
-
# TODO: Fetch information with OGP and render a template.
|
|
51
|
-
Jekyll.logger.warn "#{p} is not oembeddable or URL can't be fetched, showing as URL"
|
|
52
|
-
|
|
53
|
-
"<a href=\"#{p}\" target=\"_blank\">#{p}</a>"
|
|
54
77
|
end
|
|
55
|
-
|
|
56
|
-
#
|
|
57
|
-
|
|
78
|
+
rescue OEmbed::NotFound => e
|
|
79
|
+
# If the URL doesn't support OEmbed just return an external
|
|
80
|
+
# link.
|
|
81
|
+
#
|
|
82
|
+
# TODO: Fetch information with OGP and render a template.
|
|
83
|
+
Jekyll.logger.warn "#{p} is not oembeddable or URL can't be fetched, showing as URL"
|
|
84
|
+
|
|
85
|
+
%(<a href="#{p}" target="_blank" referrerpolicy="#{referrer_policy}">#{p}</a>)
|
|
58
86
|
end
|
|
59
87
|
# Rebuild the content
|
|
60
88
|
end.join("\n\n")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jekyll-embed-urls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- f
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jekyll
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0.13'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: oga
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '2.15'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '2.15'
|
|
41
55
|
description: Replaces URLs for their previsualization in Jekyll posts
|
|
42
56
|
email:
|
|
43
57
|
- f@sutty.nl
|