open_graph_reader 0.8.0 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/open_graph_reader/builder.rb +9 -0
- data/lib/open_graph_reader/configuration.rb +12 -2
- data/lib/open_graph_reader/definitions.rb +1 -1
- data/lib/open_graph_reader/object/dsl/types.rb +2 -2
- data/lib/open_graph_reader/version.rb +1 -1
- data/spec/fixtures/test_cases/missing_image.html +20 -0
- data/spec/integration/real_world_spec.rb +30 -30
- data/spec/integration/test_cases_spec.rb +25 -0
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9b2be2afb7b365d8468b7c46612dc6a7f66e4db83da493baebfe9025158381cc
|
4
|
+
data.tar.gz: 34a19b79783deb6978b5c8f71ee66934226275458da0738fd8a605d502002a67
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aa5f48b258cf438d61496cd473291a6f17da9f388cb66d0b2ba95559c45a7360c738a9bcb7a019547366b545e5130a4b4349d5a7e830994d2ebad79762b084dd
|
7
|
+
data.tar.gz: b4fe3d314effb7b48cff29cf87982ebffc65caa3993b43a16b5f0d6cf2fbb22a2241fc29e753fd888563b5a734ddd79cf82cf4f0ee5995c861f4f570e7c4bd4f
|
@@ -122,6 +122,7 @@ module OpenGraphReader
|
|
122
122
|
def synthesize_required_properties base
|
123
123
|
synthesize_url base
|
124
124
|
synthesize_title base
|
125
|
+
synthesize_image_content base
|
125
126
|
end
|
126
127
|
|
127
128
|
def synthesize_url base
|
@@ -138,6 +139,14 @@ module OpenGraphReader
|
|
138
139
|
base.og["title"] = @parser.title
|
139
140
|
end
|
140
141
|
|
142
|
+
def synthesize_image_content base
|
143
|
+
return unless OpenGraphReader.config.synthesize_image_content
|
144
|
+
return unless base.og.image
|
145
|
+
return if base.og.image.content || base.og.image.url.nil?
|
146
|
+
|
147
|
+
base.og.image.content = base.og.image.url
|
148
|
+
end
|
149
|
+
|
141
150
|
def drop_empty_children base
|
142
151
|
base = base.children
|
143
152
|
base.each do |key, object|
|
@@ -80,7 +80,16 @@ module OpenGraphReader
|
|
80
80
|
# See {#synthesize_full_url}
|
81
81
|
#
|
82
82
|
# @return [Bool]
|
83
|
-
attr_accessor :
|
83
|
+
attr_accessor :synthesize_full_image_url
|
84
|
+
|
85
|
+
# Guess the og:image content when it's missing and og:image:url is present (default: <tt>false</tt>).
|
86
|
+
#
|
87
|
+
# The spec requires the og:image property to be present, however not all sites provide it, as they might see it
|
88
|
+
# redundant to og:image:url. This option enables a fallback that sets the og:image content to the og:image:url
|
89
|
+
# when the former is missing.
|
90
|
+
#
|
91
|
+
# @return [Bool]
|
92
|
+
attr_accessor :synthesize_image_content
|
84
93
|
|
85
94
|
# Parse non ISO8601 datetimes (default: <tt>false</tt>).
|
86
95
|
#
|
@@ -105,7 +114,8 @@ module OpenGraphReader
|
|
105
114
|
@synthesize_title = false
|
106
115
|
@synthesize_url = false
|
107
116
|
@synthesize_full_url = false
|
108
|
-
@
|
117
|
+
@synthesize_full_image_url = false
|
118
|
+
@synthesize_image_content = false
|
109
119
|
@guess_datetime_format = false
|
110
120
|
end
|
111
121
|
end
|
@@ -13,7 +13,7 @@ module OpenGraphReader
|
|
13
13
|
|
14
14
|
# @!method url(name, options={})
|
15
15
|
# @option options [Bool] :image (false) Mark attribute as image to be eligible
|
16
|
-
# for URL synthesization. See {Configuration#
|
16
|
+
# for URL synthesization. See {Configuration#synthesize_full_image_url}.
|
17
17
|
# @!macro define_type_description
|
18
18
|
# @see http://ogp.me/#url
|
19
19
|
define_type_no_doc :url do |value, options|
|
@@ -21,7 +21,7 @@ module OpenGraphReader
|
|
21
21
|
|
22
22
|
next value if value.start_with?("http://") || value.start_with?("https://")
|
23
23
|
|
24
|
-
if options[:image] && OpenGraphReader.config.
|
24
|
+
if options[:image] && OpenGraphReader.config.synthesize_full_image_url || OpenGraphReader.config.synthesize_full_url
|
25
25
|
unless OpenGraphReader.current_origin
|
26
26
|
next unless options[:required] || !OpenGraphReader.config.discard_invalid_optional_properties
|
27
27
|
|
@@ -0,0 +1,20 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<meta charset="utf-8">
|
5
|
+
<meta property="og:type" content="video" />
|
6
|
+
<meta property="og:site_name" content="ExampleSite" />
|
7
|
+
<meta property="og:title" content="Example Title" />
|
8
|
+
<meta property="og:image:url" content="https://example.com/example.png" />
|
9
|
+
<meta property="og:image:width" content="800" />
|
10
|
+
<meta property="og:image:height" content="600" />
|
11
|
+
<meta property="og:url" content="https://example.com/page" />
|
12
|
+
<meta property="og:description" content="This is an example description for Open Graph tags." />
|
13
|
+
<meta property="og:video:url" content="https://example.com/video" />
|
14
|
+
<meta property="og:video:secure_url" content="https://example.com/video" />
|
15
|
+
<meta property="og:video:type" content="video/mp4" />
|
16
|
+
<meta property="og:video:width" content="640" />
|
17
|
+
<meta property="og:video:height" content="360" />
|
18
|
+
</head>
|
19
|
+
<body></body>
|
20
|
+
</html>
|
@@ -203,7 +203,7 @@ RSpec.describe "real world examples" do
|
|
203
203
|
end
|
204
204
|
|
205
205
|
it "parses with image paths turned on" do
|
206
|
-
OpenGraphReader.config.
|
206
|
+
OpenGraphReader.config.synthesize_full_image_url = true
|
207
207
|
|
208
208
|
object = OpenGraphReader.parse!(
|
209
209
|
fixture_html("real_world/image_path"),
|
@@ -225,7 +225,7 @@ RSpec.describe "real world examples" do
|
|
225
225
|
end
|
226
226
|
|
227
227
|
it "parses with image paths turned on" do
|
228
|
-
OpenGraphReader.config.
|
228
|
+
OpenGraphReader.config.synthesize_full_image_url = true
|
229
229
|
|
230
230
|
object = OpenGraphReader.parse!(
|
231
231
|
fixture_html("real_world/image_path_2"),
|
@@ -276,39 +276,39 @@ RSpec.describe "real world examples" do
|
|
276
276
|
official Git client and all related software that interacts with Git repositories, including \
|
277
277
|
GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, \
|
278
278
|
github.com and GitHub Enterprise are not directly affected.
|
279
|
-
|
279
|
+
|
280
280
|
The vulnerability concerns Git and Git-compatible clients that access Git repositories in a \
|
281
281
|
case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that \
|
282
282
|
will cause Git to overwrite its own .git/config file when cloning or checking out a repository, \
|
283
283
|
leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) \
|
284
284
|
or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux \
|
285
285
|
clients are not affected if they run in a case-sensitive filesystem.
|
286
|
-
|
286
|
+
|
287
287
|
We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as \
|
288
288
|
soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted \
|
289
289
|
on unsafe or untrusted hosts.
|
290
|
-
|
290
|
+
|
291
291
|
Repositories hosted on github.com cannot contain any of the malicious trees that trigger the \
|
292
292
|
vulnerability because we now verify and block these trees on push. We have also completed an \
|
293
293
|
automated scan of all existing content on github.com to look for malicious content that might have \
|
294
294
|
been pushed to our site before this vulnerability was discovered. This work is an extension of the \
|
295
295
|
data-quality checks we have always performed on repositories pushed to our servers to protect our \
|
296
296
|
users against malformed or malicious Git data.
|
297
|
-
|
297
|
+
|
298
298
|
Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and \
|
299
299
|
both contain the security fix on the Desktop application itself and on the bundled version of the \
|
300
300
|
Git command-line client.
|
301
|
-
|
301
|
+
|
302
302
|
In addition, the following updated versions of Git address this vulnerability:
|
303
|
-
|
304
|
-
|
303
|
+
|
304
|
+
|
305
305
|
The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, \
|
306
306
|
v1.9.5, v2.0.5, v2.1.4, and v2.2.1).
|
307
307
|
Git for Windows (also known as MSysGit) has released maintenance version 1.9.5.
|
308
308
|
The two major Git libraries, libgit2 and JGit, have released maintenance versions with the fix. \
|
309
309
|
Third party software using these libraries is strongly encouraged to update.
|
310
|
-
|
311
|
-
|
310
|
+
|
311
|
+
|
312
312
|
More details on the vulnerability can be found in the official Git mailing list announcement and on \
|
313
313
|
the git-blame blog.
|
314
314
|
DESCRIPTION
|
@@ -341,39 +341,39 @@ RSpec.describe "real world examples" do
|
|
341
341
|
official Git client and all related software that interacts with Git repositories, including \
|
342
342
|
GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, \
|
343
343
|
github.com and GitHub Enterprise are not directly affected.
|
344
|
-
|
344
|
+
|
345
345
|
The vulnerability concerns Git and Git-compatible clients that access Git repositories in a \
|
346
346
|
case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that \
|
347
347
|
will cause Git to overwrite its own .git/config file when cloning or checking out a repository, \
|
348
348
|
leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) \
|
349
349
|
or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux \
|
350
350
|
clients are not affected if they run in a case-sensitive filesystem.
|
351
|
-
|
351
|
+
|
352
352
|
We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as \
|
353
353
|
soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted \
|
354
354
|
on unsafe or untrusted hosts.
|
355
|
-
|
355
|
+
|
356
356
|
Repositories hosted on github.com cannot contain any of the malicious trees that trigger the \
|
357
357
|
vulnerability because we now verify and block these trees on push. We have also completed an \
|
358
358
|
automated scan of all existing content on github.com to look for malicious content that might have \
|
359
359
|
been pushed to our site before this vulnerability was discovered. This work is an extension of the \
|
360
360
|
data-quality checks we have always performed on repositories pushed to our servers to protect our \
|
361
361
|
users against malformed or malicious Git data.
|
362
|
-
|
362
|
+
|
363
363
|
Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and \
|
364
364
|
both contain the security fix on the Desktop application itself and on the bundled version of the \
|
365
365
|
Git command-line client.
|
366
|
-
|
366
|
+
|
367
367
|
In addition, the following updated versions of Git address this vulnerability:
|
368
|
-
|
369
|
-
|
368
|
+
|
369
|
+
|
370
370
|
The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, \
|
371
371
|
v1.9.5, v2.0.5, v2.1.4, and v2.2.1).
|
372
372
|
Git for Windows (also known as MSysGit) has released maintenance version 1.9.5.
|
373
373
|
The two major Git libraries, libgit2 and JGit, have released maintenance versions with the fix. \
|
374
374
|
Third party software using these libraries is strongly encouraged to update.
|
375
|
-
|
376
|
-
|
375
|
+
|
376
|
+
|
377
377
|
More details on the vulnerability can be found in the official Git mailing list announcement and on \
|
378
378
|
the git-blame blog.
|
379
379
|
DESCRIPTION
|
@@ -396,39 +396,39 @@ RSpec.describe "real world examples" do
|
|
396
396
|
official Git client and all related software that interacts with Git repositories, including \
|
397
397
|
GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, \
|
398
398
|
github.com and GitHub Enterprise are not directly affected.
|
399
|
-
|
399
|
+
|
400
400
|
The vulnerability concerns Git and Git-compatible clients that access Git repositories in a \
|
401
401
|
case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that \
|
402
402
|
will cause Git to overwrite its own .git/config file when cloning or checking out a repository, \
|
403
403
|
leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) \
|
404
404
|
or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux \
|
405
405
|
clients are not affected if they run in a case-sensitive filesystem.
|
406
|
-
|
406
|
+
|
407
407
|
We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as \
|
408
408
|
soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted \
|
409
409
|
on unsafe or untrusted hosts.
|
410
|
-
|
410
|
+
|
411
411
|
Repositories hosted on github.com cannot contain any of the malicious trees that trigger the \
|
412
412
|
vulnerability because we now verify and block these trees on push. We have also completed an \
|
413
413
|
automated scan of all existing content on github.com to look for malicious content that might have \
|
414
414
|
been pushed to our site before this vulnerability was discovered. This work is an extension of the \
|
415
415
|
data-quality checks we have always performed on repositories pushed to our servers to protect our \
|
416
416
|
users against malformed or malicious Git data.
|
417
|
-
|
417
|
+
|
418
418
|
Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and \
|
419
419
|
both contain the security fix on the Desktop application itself and on the bundled version of the \
|
420
420
|
Git command-line client.
|
421
|
-
|
421
|
+
|
422
422
|
In addition, the following updated versions of Git address this vulnerability:
|
423
|
-
|
424
|
-
|
423
|
+
|
424
|
+
|
425
425
|
The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, \
|
426
426
|
v1.9.5, v2.0.5, v2.1.4, and v2.2.1).
|
427
427
|
Git for Windows (also known as MSysGit) has released maintenance version 1.9.5.
|
428
428
|
The two major Git libraries, libgit2 and JGit, have released maintenance versions with the fix. \
|
429
429
|
Third party software using these libraries is strongly encouraged to update.
|
430
|
-
|
431
|
-
|
430
|
+
|
431
|
+
|
432
432
|
More details on the vulnerability can be found in the official Git mailing list announcement and on \
|
433
433
|
the git-blame blog.
|
434
434
|
DESCRIPTION
|
@@ -444,7 +444,7 @@ RSpec.describe "real world examples" do
|
|
444
444
|
|
445
445
|
it "parses with paths turned on" do
|
446
446
|
OpenGraphReader.config.synthesize_full_url = true
|
447
|
-
OpenGraphReader.config.
|
447
|
+
OpenGraphReader.config.synthesize_full_image_url = true
|
448
448
|
|
449
449
|
object = OpenGraphReader.parse!(
|
450
450
|
fixture_html("real_world/url_path"),
|
@@ -14,4 +14,29 @@ RSpec.describe "test cases" do
|
|
14
14
|
expect(object.og.image.alt).to eq "image:alt"
|
15
15
|
end
|
16
16
|
end
|
17
|
+
|
18
|
+
describe "missing_image" do
|
19
|
+
it "parses" do
|
20
|
+
expect {
|
21
|
+
OpenGraphReader.parse! fixture_html "test_cases/missing_image"
|
22
|
+
}.not_to raise_error
|
23
|
+
end
|
24
|
+
|
25
|
+
it "returns the data" do
|
26
|
+
object = OpenGraphReader.parse!(fixture_html("test_cases/missing_image"))
|
27
|
+
expect(object.og.image.content).to be_nil
|
28
|
+
expect(object.og.image.url).to eq "https://example.com/example.png"
|
29
|
+
end
|
30
|
+
|
31
|
+
context "with image content synthesization enabled" do
|
32
|
+
before do
|
33
|
+
OpenGraphReader.config.synthesize_image_content = true
|
34
|
+
end
|
35
|
+
|
36
|
+
it "returns the synthesized image content" do
|
37
|
+
object = OpenGraphReader.parse!(fixture_html("test_cases/missing_image"))
|
38
|
+
expect(object.og.image.content).to eq "https://example.com/example.png"
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
17
42
|
end
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: open_graph_reader
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.9.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonne Haß
|
8
8
|
bindir: bin
|
9
9
|
cert_chain: []
|
10
|
-
date:
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
11
11
|
dependencies:
|
12
12
|
- !ruby/object:Gem::Dependency
|
13
13
|
name: faraday
|
@@ -185,6 +185,7 @@ files:
|
|
185
185
|
- spec/fixtures/real_world/unknown_type.html
|
186
186
|
- spec/fixtures/real_world/url_path.html
|
187
187
|
- spec/fixtures/test_cases/image_alt_before_image.html
|
188
|
+
- spec/fixtures/test_cases/missing_image.html
|
188
189
|
- spec/integration/invalid_examples_spec.rb
|
189
190
|
- spec/integration/real_world_spec.rb
|
190
191
|
- spec/integration/test_cases_spec.rb
|
@@ -210,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
210
211
|
- !ruby/object:Gem::Version
|
211
212
|
version: '0'
|
212
213
|
requirements: []
|
213
|
-
rubygems_version: 3.6.
|
214
|
+
rubygems_version: 3.6.7
|
214
215
|
specification_version: 4
|
215
216
|
summary: OpenGraph protocol parser
|
216
217
|
test_files: []
|