qiita-markdown 0.34.0 → 0.35.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/qiita/markdown/transformers/filter_iframe.rb +1 -1
- data/lib/qiita/markdown/version.rb +1 -1
- data/spec/qiita/markdown/processor_spec.rb +131 -60
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 23da6f6f9b37dafcbe18164c13d4531998cfca14e0891801b4e8a1fdab6d625c
|
4
|
+
data.tar.gz: 620e9a413d9d0649511a883d40c4a398260f739a2c01774645d1e717421d54f5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f2cfa06b888dd9e08a22a88b822a7a280afec1289c1f9f3833c64692e37edc3b637c26739ab1f607c2e4cab1da1559510bc7a63836e462dc3c4dcc81f4da8343
|
7
|
+
data.tar.gz: 125ff10aa432f848e8c790f497f2467f1f825431b1cdeed1a085f14da230fdc5800c752a64b86f90d5e4acf36fc4f4c8b9e2efd30f808cee6ac713b32ffc0b01
|
data/CHANGELOG.md
CHANGED
@@ -43,7 +43,7 @@ module Qiita
|
|
43
43
|
def host_of(url)
|
44
44
|
if url
|
45
45
|
scheme = URI.parse(url).scheme
|
46
|
-
Addressable::URI.parse(url).host if ["http", "https"].include? scheme
|
46
|
+
Addressable::URI.parse(url).host if ["http", "https", nil].include? scheme
|
47
47
|
end
|
48
48
|
rescue Addressable::URI::InvalidURIError, URI::InvalidURIError
|
49
49
|
nil
|
@@ -1144,12 +1144,13 @@ describe Qiita::Markdown::Processor do
|
|
1144
1144
|
end
|
1145
1145
|
|
1146
1146
|
shared_examples_for "iframe element" do |allowed:|
|
1147
|
-
|
1147
|
+
shared_examples "iframe element example" do
|
1148
1148
|
let(:markdown) do
|
1149
1149
|
<<-MARKDOWN.strip_heredoc
|
1150
|
-
<iframe width="1" height="2" src="
|
1150
|
+
<iframe width="1" height="2" src="#{url}" frameborder="0" allowfullscreen></iframe>
|
1151
1151
|
MARKDOWN
|
1152
1152
|
end
|
1153
|
+
let(:url) { "#{scheme}//example.com" }
|
1153
1154
|
|
1154
1155
|
if allowed
|
1155
1156
|
it "allows iframe with some attributes" do
|
@@ -1161,6 +1162,20 @@ describe Qiita::Markdown::Processor do
|
|
1161
1162
|
end
|
1162
1163
|
end
|
1163
1164
|
end
|
1165
|
+
|
1166
|
+
context "with iframe" do
|
1167
|
+
context "with scheme" do
|
1168
|
+
let(:scheme) { "https:" }
|
1169
|
+
|
1170
|
+
include_examples "iframe element example"
|
1171
|
+
end
|
1172
|
+
|
1173
|
+
context "without scheme" do
|
1174
|
+
let(:scheme) { "" }
|
1175
|
+
|
1176
|
+
include_examples "iframe element example"
|
1177
|
+
end
|
1178
|
+
end
|
1164
1179
|
end
|
1165
1180
|
|
1166
1181
|
shared_examples_for "input element" do |allowed:|
|
@@ -1452,91 +1467,137 @@ describe Qiita::Markdown::Processor do
|
|
1452
1467
|
end
|
1453
1468
|
|
1454
1469
|
context "with HTML embed code for Youtube" do
|
1455
|
-
|
1456
|
-
|
1457
|
-
|
1458
|
-
|
1459
|
-
|
1470
|
+
shared_examples "embed code youtube example" do
|
1471
|
+
let(:markdown) do
|
1472
|
+
<<-MARKDOWN.strip_heredoc
|
1473
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1474
|
+
MARKDOWN
|
1475
|
+
end
|
1476
|
+
let(:url) { "#{scheme}//www.youtube.com/embed/example" }
|
1460
1477
|
|
1461
|
-
|
1462
|
-
|
1463
|
-
|
1464
|
-
|
1465
|
-
|
1478
|
+
if allowed
|
1479
|
+
it "does not sanitize embed code" do
|
1480
|
+
should eq <<-HTML.strip_heredoc
|
1481
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1482
|
+
HTML
|
1483
|
+
end
|
1484
|
+
else
|
1485
|
+
it "forces width attribute on iframe" do
|
1486
|
+
should eq <<-HTML.strip_heredoc
|
1487
|
+
<iframe width="100%" height="100" src="#{url}"></iframe>
|
1488
|
+
HTML
|
1489
|
+
end
|
1466
1490
|
end
|
1467
|
-
|
1468
|
-
|
1469
|
-
|
1470
|
-
|
1471
|
-
|
1491
|
+
|
1492
|
+
context "when url is privacy enhanced mode" do
|
1493
|
+
let(:markdown) do
|
1494
|
+
<<-MARKDOWN.strip_heredoc
|
1495
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1496
|
+
MARKDOWN
|
1497
|
+
end
|
1498
|
+
let(:url) { "#{scheme}//www.youtube-nocookie.com/embed/example" }
|
1499
|
+
|
1500
|
+
if allowed
|
1501
|
+
it "does not sanitize embed code" do
|
1502
|
+
should eq <<-HTML.strip_heredoc
|
1503
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1504
|
+
HTML
|
1505
|
+
end
|
1506
|
+
else
|
1507
|
+
it "forces width attribute on iframe" do
|
1508
|
+
should eq <<-HTML.strip_heredoc
|
1509
|
+
<iframe width="100%" height="100" src="#{url}"></iframe>
|
1510
|
+
HTML
|
1511
|
+
end
|
1512
|
+
end
|
1472
1513
|
end
|
1473
1514
|
end
|
1474
1515
|
|
1475
|
-
context "
|
1516
|
+
context "with scheme" do
|
1517
|
+
let(:scheme) { "https:" }
|
1518
|
+
|
1519
|
+
include_examples "embed code youtube example"
|
1520
|
+
end
|
1521
|
+
|
1522
|
+
context "without scheme" do
|
1523
|
+
let(:scheme) { "" }
|
1524
|
+
|
1525
|
+
include_examples "embed code youtube example"
|
1526
|
+
end
|
1527
|
+
end
|
1528
|
+
|
1529
|
+
context "with HTML embed code for SlideShare" do
|
1530
|
+
shared_examples "embed code slideshare example" do
|
1476
1531
|
let(:markdown) do
|
1477
1532
|
<<-MARKDOWN.strip_heredoc
|
1478
|
-
<iframe width="100" height="100" src="
|
1533
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1479
1534
|
MARKDOWN
|
1480
1535
|
end
|
1536
|
+
let(:url) { "#{scheme}//www.slideshare.net/embed/example" }
|
1481
1537
|
|
1482
1538
|
if allowed
|
1483
1539
|
it "does not sanitize embed code" do
|
1484
1540
|
should eq <<-HTML.strip_heredoc
|
1485
|
-
<iframe width="100" height="100" src="
|
1541
|
+
<iframe width="100" height="100" src="#{url}"></iframe>
|
1486
1542
|
HTML
|
1487
1543
|
end
|
1488
1544
|
else
|
1489
1545
|
it "forces width attribute on iframe" do
|
1490
1546
|
should eq <<-HTML.strip_heredoc
|
1491
|
-
<iframe width="100%" height="100" src="
|
1547
|
+
<iframe width="100%" height="100" src="#{url}"></iframe>
|
1492
1548
|
HTML
|
1493
1549
|
end
|
1494
1550
|
end
|
1495
1551
|
end
|
1496
|
-
end
|
1497
1552
|
|
1498
|
-
|
1499
|
-
|
1500
|
-
|
1501
|
-
|
1502
|
-
MARKDOWN
|
1553
|
+
context "with scheme" do
|
1554
|
+
let(:scheme) { "https:" }
|
1555
|
+
|
1556
|
+
include_examples "embed code slideshare example"
|
1503
1557
|
end
|
1504
1558
|
|
1505
|
-
|
1506
|
-
|
1507
|
-
|
1508
|
-
|
1509
|
-
HTML
|
1510
|
-
end
|
1511
|
-
else
|
1512
|
-
it "forces width attribute on iframe" do
|
1513
|
-
should eq <<-HTML.strip_heredoc
|
1514
|
-
<iframe width="100%" height="100" src="https://www.slideshare.net/embed/example"></iframe>
|
1515
|
-
HTML
|
1516
|
-
end
|
1559
|
+
context "without scheme" do
|
1560
|
+
let(:scheme) { "" }
|
1561
|
+
|
1562
|
+
include_examples "embed code slideshare example"
|
1517
1563
|
end
|
1518
1564
|
end
|
1519
1565
|
|
1520
1566
|
context "with HTML embed code for GoogleSlide" do
|
1521
|
-
|
1522
|
-
|
1523
|
-
|
1524
|
-
|
1525
|
-
|
1526
|
-
|
1527
|
-
if allowed
|
1528
|
-
it "does not sanitize embed code" do
|
1529
|
-
should eq <<-HTML.strip_heredoc
|
1530
|
-
<iframe src="https://docs.google.com/presentation/d/example/embed" frameborder="0" width="482" height="300" allowfullscreen="true"></iframe>
|
1531
|
-
HTML
|
1567
|
+
shared_examples "embed code googleslide example" do
|
1568
|
+
let(:markdown) do
|
1569
|
+
<<-MARKDOWN.strip_heredoc
|
1570
|
+
<iframe src="#{url}" frameborder="0" width="482" height="300" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe>
|
1571
|
+
MARKDOWN
|
1532
1572
|
end
|
1533
|
-
|
1534
|
-
|
1535
|
-
|
1536
|
-
|
1537
|
-
|
1573
|
+
let(:url) { "#{scheme}//docs.google.com/presentation/d/example/embed" }
|
1574
|
+
|
1575
|
+
if allowed
|
1576
|
+
it "does not sanitize embed code" do
|
1577
|
+
should eq <<-HTML.strip_heredoc
|
1578
|
+
<iframe src="#{url}" frameborder="0" width="482" height="300" allowfullscreen="true"></iframe>
|
1579
|
+
HTML
|
1580
|
+
end
|
1581
|
+
else
|
1582
|
+
it "forces width attribute on iframe" do
|
1583
|
+
should eq <<-HTML.strip_heredoc
|
1584
|
+
<iframe src="#{url}" frameborder="0" width="100%" height="300" allowfullscreen="true"></iframe>
|
1585
|
+
HTML
|
1586
|
+
end
|
1538
1587
|
end
|
1539
1588
|
end
|
1589
|
+
|
1590
|
+
context "with scheme" do
|
1591
|
+
let(:scheme) { "https:" }
|
1592
|
+
|
1593
|
+
include_examples "embed code googleslide example"
|
1594
|
+
end
|
1595
|
+
|
1596
|
+
context "without scheme" do
|
1597
|
+
let(:scheme) { "" }
|
1598
|
+
|
1599
|
+
include_examples "embed code googleslide example"
|
1600
|
+
end
|
1540
1601
|
end
|
1541
1602
|
|
1542
1603
|
context "with HTML embed code for SpeekerDeck" do
|
@@ -1582,11 +1643,15 @@ describe Qiita::Markdown::Processor do
|
|
1582
1643
|
<<-MARKDOWN.strip_heredoc
|
1583
1644
|
<script async class="speakerdeck-embed" data-id="example" data-ratio="1.33333333333333" src="javascript://speakerdeck.com/assets/embed.js"></script>
|
1584
1645
|
MARKDOWN
|
1646
|
+
end
|
1585
1647
|
|
1648
|
+
if allowed
|
1649
|
+
it "does not sanitize embed code" do
|
1650
|
+
should eq markdown
|
1651
|
+
end
|
1652
|
+
else
|
1586
1653
|
it "forces width attribute on iframe" do
|
1587
|
-
should eq
|
1588
|
-
\n
|
1589
|
-
HTML
|
1654
|
+
should eq "\n"
|
1590
1655
|
end
|
1591
1656
|
end
|
1592
1657
|
end
|
@@ -1596,12 +1661,18 @@ describe Qiita::Markdown::Processor do
|
|
1596
1661
|
<<-MARKDOWN.strip_heredoc
|
1597
1662
|
<iframe src="javascript://docs.google.com:80/%0d%0aalert(document.domain)" frameborder="0" width="482" height="300" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe>
|
1598
1663
|
MARKDOWN
|
1664
|
+
end
|
1599
1665
|
|
1600
|
-
|
1666
|
+
if allowed
|
1667
|
+
it "does not sanitize embed code" do
|
1601
1668
|
should eq <<-HTML.strip_heredoc
|
1602
|
-
|
1669
|
+
<iframe src="javascript://docs.google.com:80/%0d%0aalert(document.domain)" frameborder="0" width="482" height="300" allowfullscreen="true"></iframe>
|
1603
1670
|
HTML
|
1604
1671
|
end
|
1672
|
+
else
|
1673
|
+
it "forces width attribute on iframe" do
|
1674
|
+
should eq "\n"
|
1675
|
+
end
|
1605
1676
|
end
|
1606
1677
|
end
|
1607
1678
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: qiita-markdown
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.35.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryo Nakamura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-04-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gemoji
|