onebox 1.9.24 → 1.9.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf558389e0bd7431942769ee39ee40f770245463e97e25400accfe3a130af77f
-  data.tar.gz: 23d64fbf25b722401c33aac9f0230a1d9d904d9db13794041b744c7d43165bec
+  metadata.gz: 6261462665816f1ed15b3da351e0fa160342038955023b1548be3af10ebd3a96
+  data.tar.gz: 70174996ce5669ff406f2970bec253112dadcfababe3caeaa4f35f615379629c
 SHA512:
-  metadata.gz: 06dfe747b8a6408ef1a34c07410f32baf4d94d1cf986edee4e5267daa2eb81278569e1263bc2c9565f20ac123f93c5ca35d324f3eba6140044cfb6169b499652
-  data.tar.gz: 1e6c04cea5599d7d1121c7e6ff502ca0d723fd3037e1955289ff26dce5eb74350db399ffa9293d7f9286971ef9b3cf5e88409ef30eeb454675b738c8924e1c64
+  metadata.gz: e120c498fc253c6863a6437282d5d922c6a89e6c23b59144441326c1c2f4bcf1ab33a215873e07a6d7bd2a6b51d32ac6b7ad592e58b3bb6798e44e1cf07c30cd
+  data.tar.gz: d245616280be4f55c0a245a7466aef9a7290cd48b7abec83a2120c664dc8ed1e117cbd02226fa4c0c6bb49ccb5250dd5e3e5e6161cbb4c78fb41858a37961438

data/.github/workflows/ci.yml

@@ -0,0 +1,39 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby:
+          - 2.4
+          - 2.5
+          - 2.6
+
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Setup ruby
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          architecture: 'x64'
+
+      - name: Setup bundler
+        run: gem install bundler
+
+      - name: Setup gems
+        run: bundle install
+
+      - name: Rubocop
+        run: bundle exec rubocop
+
+      - name: RSpec
+        run: bundle exec rspec

data/lib/onebox/engine/amazon_onebox.rb

@@ -15,7 +15,7 @@ module Onebox
 
       def url
         if match && match[:id]
-          return "https://www.amazon.#{tld}/gp/aw/d/#{URI::encode(match[:id])}"
+          return "https://www.amazon.#{tld}/gp/aw/d/#{Onebox::Helpers.uri_encode(match[:id])}"
         end
 
         @url

data/lib/onebox/engine/cloudapp_onebox.rb

@@ -13,11 +13,11 @@ module Onebox
         og = get_opengraph
 
         if !og.image.nil?
-          return image_html(og)
+          image_html(og)
         elsif og.title.to_s[/\.(mp4|ogv|webm)$/]
-          return video_html(og)
+          video_html(og)
         else
-          return link_html(og)
+          link_html(og)
         end
       end
 

data/lib/onebox/engine/github_blob_onebox.rb

@@ -20,7 +20,7 @@ module Onebox
         "https://raw.githubusercontent.com/#{m[:user]}/#{m[:repo]}/#{m[:sha1]}/#{m[:file]}"
       end
       def title
-        Sanitize.fragment(URI.unescape(link).sub(/^https?\:\/\/github\.com\//, ''))
+        Sanitize.fragment(Onebox::Helpers.uri_unencode(link).sub(/^https?\:\/\/github\.com\//, ''))
       end
     end
   end

data/lib/onebox/engine/gitlab_blob_onebox.rb

@@ -20,7 +20,7 @@ module Onebox
         "https://gitlab.com/#{m[:user]}/#{m[:repo]}/raw/#{m[:sha1]}/#{m[:file]}"
       end
       def title
-        Sanitize.fragment(URI.unescape(link).sub(/^https?\:\/\/gitlab\.com\//, ''))
+        Sanitize.fragment(Onebox::Helpers.uri_unencode(link).sub(/^https?\:\/\/gitlab\.com\//, ''))
       end
     end
   end

data/lib/onebox/helpers.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require "addressable"
+
 module Onebox
   module Helpers
 
     class DownloadTooLarge < StandardError; end
 
+    IGNORE_CANONICAL_DOMAINS ||= ['www.instagram.com']
+
     def self.symbolize_keys(hash)
       return {} if hash.nil?
 
@@ -23,12 +27,15 @@ module Onebox
     def self.fetch_html_doc(url, headers = nil)
       response = (fetch_response(url, nil, nil, headers) rescue nil)
       doc = Nokogiri::HTML(response)
+      uri = URI(url)
+
+      ignore_canonical_tag = doc.at('meta[property="og:ignore_canonical"]')
+      should_ignore_canonical = IGNORE_CANONICAL_DOMAINS.map { |hostname| uri.hostname.match?(hostname) }.any?
 
-      ignore_canonical = doc.at('meta[property="og:ignore_canonical"]')
-      unless ignore_canonical && ignore_canonical['content'].to_s == 'true'
+      unless (ignore_canonical_tag && ignore_canonical_tag['content'].to_s == 'true') || should_ignore_canonical
         # prefer canonical link
         canonical_link = doc.at('//link[@rel="canonical"]/@href')
-        if canonical_link && "#{URI(canonical_link).host}#{URI(canonical_link).path}" != "#{URI(url).host}#{URI(url).path}"
+        if canonical_link && "#{URI(canonical_link).host}#{URI(canonical_link).path}" != "#{uri.host}#{uri.path}"
           response = (fetch_response(canonical_link, nil, nil, headers) rescue nil)
           doc = Nokogiri::HTML(response) if response
         end
@@ -188,56 +195,25 @@ module Onebox
       src
     end
 
-    RFC_3986_URI_REGEX ||= /^(?<scheme>([^:\/?#]+):)?(?<authority>\/\/([^\/?#]*))?(?<path>[^?#]*)(\?(?<query>[^#]*))?(#(?<fragment>.*))?$/
-    DOUBLE_ESCAPED_REGEXP ||= /%25([0-9a-f]{2})/i
-
-    # Percent-encodes a URI query parameter per RFC3986 - https://tools.ietf.org/html/rfc3986
-    def self.uri_query_encode(query_string)
-      return "" unless query_string
-
-      # query can encode space to %20 OR +
-      # + MUST be encoded as %2B
-      # in RFC3968 both query and fragment are defined as:
-      # = *( pchar / "/" / "?" )
-      # CGI.escape turns space into + which is the most backward compatible
-      # however it doesn't roundtrip through URI.unescape which prefers %20
-      CGI.escape(query_string).gsub('%25', '%').gsub('+', '%20')
-    end
-
     # Percent-encodes a URI string per RFC3986 - https://tools.ietf.org/html/rfc3986
     def self.uri_encode(url)
       return "" unless url
 
-      # parse uri into named matches, then reassemble properly encoded
-      parts = url.match(RFC_3986_URI_REGEX)
-
-      encoded = ""
-      encoded += parts[:scheme] unless parts[:scheme].nil?
-      encoded += parts[:authority] unless parts[:authority].nil?
-
-      # path requires space to be encoded as %20 (NEVER +)
-      # + should be left unencoded
-      # URI::parse and URI::Generic.build don't like paths encoded with CGI.escape
-      # URI.escape does not change / to %2F and : to %3A like CGI.escape
-      encoded += URI.escape(parts[:path]) unless parts[:path].nil?
-      encoded.gsub!(DOUBLE_ESCAPED_REGEXP, '%\1')
-
-      # each query parameter
-      if !parts[:query].nil?
-        query_string = parts[:query].split('&').map do |pair|
-          # can optionally be separated by an =
-          pair.split('=').map do |v|
-            uri_query_encode(v)
-          end.join('=')
-        end.join('&')
-        encoded += '?' + query_string
-      end
+      uri = Addressable::URI.parse(url)
 
-      unless parts[:fragment].nil?
-        encoded += '#' + uri_query_encode(parts[:fragment])&.gsub('%21%2F', '!/')
-      end
+      encoded_uri = Addressable::URI.new(
+        scheme: Addressable::URI.encode_component(uri.scheme, Addressable::URI::CharacterClasses::SCHEME),
+        authority: Addressable::URI.encode_component(uri.authority, Addressable::URI::CharacterClasses::AUTHORITY),
+        path: Addressable::URI.encode_component(uri.path, Addressable::URI::CharacterClasses::PATH + "\\%"),
+        query: Addressable::URI.encode_component(uri.query, "a-zA-Z0-9\\-\\.\\_\\~\\$\\&\\*\\,\\=\\:\\@\\?\\%"),
+        fragment: Addressable::URI.encode_component(uri.fragment, "a-zA-Z0-9\\-\\.\\_\\~\\!\\$\\&\\'\\(\\)\\*\\+\\,\\;\\=\\:\\/\\?\\%")
+      )
+
+      encoded_uri.to_s
+    end
 
-      encoded
+    def self.uri_unencode(url)
+      Addressable::URI.unencode(url)
     end
 
     def self.video_placeholder_html

data/lib/onebox/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Onebox
-  VERSION = "1.9.24"
+  VERSION = "1.9.25"
 end

data/onebox.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files`.split($/).reject { |s| s =~ /^(spec|web)/ }
   spec.require_paths = ['lib']
 
+  spec.add_runtime_dependency 'addressable', '~> 2.7.0'
   spec.add_runtime_dependency 'multi_json', '~> 1.11'
   spec.add_runtime_dependency 'mustache'
   spec.add_runtime_dependency 'nokogiri', '~> 1.7'
@@ -32,7 +33,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'fakeweb', '~> 1.3'
   spec.add_development_dependency 'pry', '~> 0.10'
   spec.add_development_dependency 'mocha', '~> 1.1'
-  spec.add_development_dependency 'rubocop', '~> 0.69.0'
+  spec.add_development_dependency 'rubocop', '~> 0.78.0'
   spec.add_development_dependency 'rubocop-discourse', '~> 1.0.1'
   spec.add_development_dependency 'twitter', '~> 4.8'
   spec.add_development_dependency 'guard-rspec', '~> 4.2.8'

data/templates/instagram.mustache

@@ -1,9 +1,9 @@
-<h3><a href="{{link}}" target="_blank">{{title}}</a></h3>
+<h3><a href="{{{link}}}" target="_blank">{{title}}</a></h3>
 
 {{#image}}
   <div class="instagram-images">
-    {{#video_link}} <a href="{{video_link}}" target="_blank"> {{/video_link}}
-      <img class="instagram-image" src="{{image}}"/>
+    {{#video_link}} <a href="{{{video_link}}}" target="_blank"> {{/video_link}}
+      <img class="instagram-image" src="{{{image}}}"/>
     {{#video_link}} <span class="instagram-video-icon"></span></a> {{/video_link}}
   </div>
 {{/image}}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: onebox
 version: !ruby/object:Gem::Version
-  version: 1.9.24
+  version: 1.9.25
 platform: ruby
 authors:
 - Joanna Zeta
@@ -10,8 +10,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-27 00:00:00.000000000 Z
+date: 2020-01-13 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -172,14 +186,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.69.0
+        version: 0.78.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.69.0
+        version: 0.78.0
 - !ruby/object:Gem::Dependency
   name: rubocop-discourse
   requirement: !ruby/object:Gem::Requirement
@@ -287,11 +301,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-gemset"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - Guardfile
@@ -421,7 +435,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: A gem for generating embeddable HTML previews from URLs.

data/.travis.yml

@@ -1,17 +0,0 @@
-language: ruby
-sudo: false
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-notifications:
-  email:
-    on_success: change
-    on_failure: change
-script:
-  - bundle exec rubocop
-  - bundle exec rspec
-cache:
-  bundler: true
-before_install:
-  - gem install bundler