onebox 1.8.4 → 1.8.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 98fc21836d5ddcb857c0bb72f823c23d5e269496
-  data.tar.gz: 0686f0001610272d1faafc07c36128d24aa7a4b3
+  metadata.gz: 2e6396e2c853cabff86cb24b13b78d1bc5593b63
+  data.tar.gz: 13b5abf77b2af2c082c89136c9244759193fbd7a
 SHA512:
-  metadata.gz: 31092ef0ffdfd513fc8b1f1f8e6ce4422eb451e48c749635b824bacb0305364e49ade2c27adba386d740b4a5e140891f509ad16c7760dcce8edfe04db49097f5
-  data.tar.gz: a73d3abdb2f91231f273e4f7e7fea101f5592b2f8e32984c425d4da209fabd33c310540b0acb1026a574f4b72581241428dda64a0ffc1437f81179b627b8643c
+  metadata.gz: fd3d129640983ed1d96e8b769c24e0575d66810ef01713e5c22f84ffbd70d0370162e789652a876f769c12c73e9fdfcd9c035ee9467bc4083125f38ce4b72cb0
+  data.tar.gz: af3d5855ef0b77552f5c9b964dead3610872a509a9c72f3441b87d442268bcbf567dd226a61b837aaf5204ea68464fd12129010dcf79b6b3884f9df8d2d330a3

data/README.md

@@ -76,7 +76,7 @@ Development Preview Interface
 =============================
 
 The onebox gem comes with a development server for previewing the results
-of your changes. You can run it by running `rake server` after checking
+of your changes. You can run it by running `bundle exec rake server` after checking
 out the project. You can then try out URLs.
 
 The server doesn't reload code changes automatically (PRs accepted!) so
@@ -92,88 +92,88 @@ Adding Support for a new URL
 
   2. Create new onebox engine
 
-    ``` ruby
-    # in lib/onebox/engine/name_onebox.rb
-
-    module Onebox
-      module Engine
-        class NameOnebox
-          include LayoutSupport
-          include HTML
-
-          private
-
-          def data
-            {
-              url: @url,
-              name: raw.css("h1").inner_text,
-              image: raw.css("#main-image").first["src"],
-              description: raw.css("#postBodyPS").inner_text
-            }
-          end
-        end
-      end
-    end
-    ```
+     ``` ruby
+     # in lib/onebox/engine/name_onebox.rb
+
+     module Onebox
+       module Engine
+         class NameOnebox
+           include LayoutSupport
+           include HTML
+
+           private
+
+           def data
+             {
+               url: @url,
+               name: raw.css("h1").inner_text,
+               image: raw.css("#main-image").first["src"],
+               description: raw.css("#postBodyPS").inner_text
+             }
+           end
+         end
+       end
+     end
+     ```
 
   3. Create new onebox spec using [FakeWeb](https://github.com/chrisk/fakeweb)
 
-    ``` ruby
-    # in spec/lib/onebox/engine/name_spec.rb
-    require "spec_helper"
+     ``` ruby
+     # in spec/lib/onebox/engine/name_spec.rb
+     require "spec_helper"
 
-    describe Onebox::Engine::NameOnebox do
-      let(:link) { "http://example.com" }
-      let(:html) { described_class.new(link).to_html }
+     describe Onebox::Engine::NameOnebox do
+       let(:link) { "http://example.com" }
+       let(:html) { described_class.new(link).to_html }
 
-      before do
-        fake(link, response("name.response"))
-      end
+       before do
+         fake(link, response("name.response"))
+       end
 
-      it "has the video's title" do
-        expect(html).to include("title")
-      end
+       it "has the video's title" do
+         expect(html).to include("title")
+       end
 
-      it "has the video's still shot" do
-        expect(html).to include("photo.jpg")
-      end
+       it "has the video's still shot" do
+         expect(html).to include("photo.jpg")
+       end
 
-      it "has the video's description" do
-        expect(html).to include("description")
-      end
+       it "has the video's description" do
+         expect(html).to include("description")
+       end
 
-      it "has the URL to the resource" do
-        expect(html).to include(link)
-      end
-    end
-    ```
+       it "has the URL to the resource" do
+         expect(html).to include(link)
+       end
+     end
+     ```
 
   4. Create new mustache template
 
-    ``` html
-    # in templates/name.mustache
-    <div class="onebox">
-      <a href="{{url}}">
-        <h1>{{name}}</h1>
-        <h2 class="host">example.com</h2>
-        <img src="{{image}}" />
-        <p>{{description}}</p>
-      </a>
-    </div>
-    ```
+     ``` html
+     # in templates/name.mustache
+     <div class="onebox">
+       <a href="{{url}}">
+         <h1>{{name}}</h1>
+         <h2 class="host">example.com</h2>
+         <img src="{{image}}" />
+         <p>{{description}}</p>
+       </a>
+     </div>
+     ```
 
   5. Create new fixture from HTML response for your FakeWeb request(s)
 
-    ``` bash
-    curl --output spec/fixtures/oneboxname.response -L -X -GET http://example.com
-    ```
+     ``` bash
+     curl --output spec/fixtures/oneboxname.response -L -X -GET http://example.com
+     ```
 
   6. Require in Engine module
 
-    ``` ruby
-    # in lib/onebox/engine.rb
-    require_relative "engine/name_onebox"
-    ```
+     ``` ruby
+     # in lib/onebox/engine.rb
+     require_relative "engine/name_onebox"
+     ```
 
 
 Whitelisted Generic Onebox caveats

data/lib/onebox/engine.rb

@@ -174,5 +174,6 @@ require_relative "engine/mixcloud_onebox"
 require_relative "engine/bandcamp_onebox"
 require_relative "engine/coub_onebox"
 require_relative "engine/flickr_onebox"
+require_relative "engine/flickr_shortened_onebox"
 require_relative "engine/five_hundred_px_onebox"
 require_relative "engine/pdf_onebox"

data/lib/onebox/engine/flickr_onebox.rb

@@ -1,18 +1,14 @@
+require_relative './opengraph_image'
+
 module Onebox
   module Engine
     class FlickrOnebox
       include Engine
       include StandardEmbed
+      include OpengraphImage
 
       matches_regexp(/^https?:\/\/www\.flickr\.com\/photos\//)
       always_https
-
-      def to_html
-        og = get_opengraph
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(og[:image])
-        "<img src='#{escaped_src}' width='#{og[:image_width]}' height='#{og[:image_height]}' #{Helpers.title_attr(og)}>"
-      end
-
     end
   end
 end

data/lib/onebox/engine/flickr_shortened_onebox.rb

@@ -0,0 +1,14 @@
+require_relative './opengraph_image'
+
+module Onebox
+  module Engine
+    class FlickrShortenedOnebox
+      include Engine
+      include StandardEmbed
+      include OpengraphImage
+
+      matches_regexp(/^https?:\/\/flic\.kr\/p\//)
+      always_https
+    end
+  end
+end

data/lib/onebox/engine/giphy_onebox.rb

@@ -10,11 +10,10 @@ module Onebox
       def to_html
         oembed = get_oembed
         escaped_url = ::Onebox::Helpers.normalize_url_for_output(oembed[:url])
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(oembed[:image])
 
         <<-HTML
           <a href="#{escaped_url}" target="_blank">
-            <img src="#{escaped_src}" width="#{oembed[:width]}" height="#{oembed[:height]}" #{Helpers.title_attr(oembed)}>
+            <img src="#{escaped_url}" width="#{oembed[:width]}" height="#{oembed[:height]}" #{Helpers.title_attr(oembed)}>
           </a>
         HTML
       end

data/lib/onebox/engine/opengraph_image.rb

@@ -0,0 +1,13 @@
+module Onebox
+  module Engine
+    module OpengraphImage
+
+      def to_html
+        og = get_opengraph
+        escaped_src = ::Onebox::Helpers.normalize_url_for_output(og[:image])
+        "<img src='#{escaped_src}' width='#{og[:image_width]}' height='#{og[:image_height]}' #{Helpers.title_attr(og)}>"
+      end
+
+    end
+  end
+end

data/lib/onebox/engine/steam_store_onebox.rb

@@ -22,7 +22,7 @@ module Onebox
       end
 
       def to_html
-        iframe_url = @url.gsub('/app/', '/widget/')
+        iframe_url = @url[/https?:\/\/store\.steampowered\.com\/app\/\d+/].gsub("/app/", "/widget/")
         escaped_src = ::Onebox::Helpers.normalize_url_for_output(iframe_url)
 
         <<-HTML

data/lib/onebox/engine/twitter_status_onebox.rb

@@ -5,7 +5,7 @@ module Onebox
       include LayoutSupport
       include HTML
 
-      matches_regexp /^https?:\/\/(mobile\.|www\.)?twitter\.com\/.+?\/status(es)?\/\d+$/
+      matches_regexp /^https?:\/\/(mobile\.|www\.)?twitter\.com\/.+?\/status(es)?\/\d+(\/(video|photo)\/\d?+)?+\/?$/
       always_https
 
       private

data/lib/onebox/engine/whitelisted_generic_onebox.rb

@@ -56,11 +56,12 @@ module Onebox
           espn.go.com
           etsy.com
           findery.com
-          flickr.com
           folksy.com
           forbes.com
           foxnews.com
           funnyordie.com
+          gfycat.com
+          gifs.com
           groupon.com
           howtogeek.com
           huffingtonpost.ca
@@ -102,6 +103,7 @@ module Onebox
           speakerdeck.com
           spotify.com
           squidoo.com
+          streamable.com
           techcrunch.com
           ted.com
           thefreedictionary.com

data/lib/onebox/engine/xkcd_onebox.rb

@@ -5,7 +5,7 @@ module Onebox
       include LayoutSupport
       include JSON
 
-      matches_regexp(/^https?:\/\/(www\.)?xkcd\.com\/\d+/)
+      matches_regexp(/^https?:\/\/(www\.)?(m\.)?xkcd\.com\/\d+/)
 
       def url
         "https://xkcd.com/#{match[:comic_id]}/info.0.json"

data/lib/onebox/sanitize_config.rb

@@ -6,20 +6,42 @@ class Sanitize
     ONEBOX ||= freeze_config merge(RELAXED,
       elements: RELAXED[:elements] + %w[audio embed iframe source video],
 
-      attributes: merge(RELAXED[:attributes],
+      attributes: {
+        'a'      => RELAXED[:attributes]['a'] + %w(target),
         'audio'  => %w[controls],
         'embed'  => %w[height src type width],
         'iframe' => %w[allowfullscreen frameborder height scrolling src width],
         'source' => %w[src type],
         'video'  => %w[controls height loop width],
         'div'    => [:data], # any data-* attributes
-      ),
+      },
 
-      protocols: merge(RELAXED[:protocols],
+      add_attributes: {
+        'iframe' => {
+          'seamless' => 'seamless',
+          'sandbox' => 'allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox',
+        }
+      },
+
+      transformers: (RELAXED[:transformers] || []) + [
+        lambda do |env|
+          next unless env[:node_name] == 'a'
+          a_tag = env[:node]
+          a_tag['href'] ||= '#'
+          if a_tag['href'] =~ %r{^(?:[a-z]+:)?//}
+            a_tag['target'] = '_blank'
+            a_tag['rel']    = 'nofollow noopener'
+          else
+            a_tag.remove_attribute('target')
+          end
+        end
+      ],
+
+      protocols: {
         'embed'  => { 'src' => HTTP_PROTOCOLS },
         'iframe' => { 'src' => HTTP_PROTOCOLS },
         'source' => { 'src' => HTTP_PROTOCOLS },
-      ),
+      },
     )
   end
 end

data/lib/onebox/version.rb

@@ -1,3 +1,3 @@
 module Onebox
-  VERSION = "1.8.4"
+  VERSION = "1.8.5"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: onebox
 version: !ruby/object:Gem::Version
-  version: 1.8.4
+  version: 1.8.5
 platform: ruby
 authors:
 - Joanna Zeta
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-12 00:00:00.000000000 Z
+date: 2017-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -337,6 +337,7 @@ files:
 - lib/onebox/engine/douban_onebox.rb
 - lib/onebox/engine/five_hundred_px_onebox.rb
 - lib/onebox/engine/flickr_onebox.rb
+- lib/onebox/engine/flickr_shortened_onebox.rb
 - lib/onebox/engine/gfycat_onebox.rb
 - lib/onebox/engine/giphy_onebox.rb
 - lib/onebox/engine/github_blob_onebox.rb
@@ -353,6 +354,7 @@ files:
 - lib/onebox/engine/imgur_onebox.rb
 - lib/onebox/engine/json.rb
 - lib/onebox/engine/mixcloud_onebox.rb
+- lib/onebox/engine/opengraph_image.rb
 - lib/onebox/engine/pastebin_onebox.rb
 - lib/onebox/engine/pdf_onebox.rb
 - lib/onebox/engine/pubmed_onebox.rb
@@ -498,7 +500,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.7
 signing_key: 
 specification_version: 4
 summary: A gem for turning URLs into previews.