trix_embed 0.0.2 → 0.0.3

data/app/javascript/urls.js

@@ -4,10 +4,10 @@
 // @param {Function} callback - Function to be called with the URL object
 // @returns {URL, null} URL object
 //
-export function createURL(value, callback = url => {}) {
+export function createURLObject(value, callback = url => {}) {
   try {
     const url = new URL(String(value).trim())
-    if (callback) callback(url)
+    if (url && callback) callback(url)
     return url
   } catch (_error) {
     console.info(`Failed to parse URL! value='${value}']`)
@@ -21,67 +21,82 @@ export function createURL(value, callback = url => {}) {
 // @param {Function} callback - Function to be called with the URL host
 // @returns {String, null} URL host
 //
-function createURLHost(value, callback = host => {}) {
-  let host = null
-  createURL(value, url => (host = url.host))
+function extractURLHost(value, callback = host => {}) {
+  let host = createURLObject(value)?.host
   if (host && callback) callback(host)
   return host
 }
 
-function extractURLsFromTextNodes(element) {
-  const urls = []
-  const walker = document.createTreeWalker(element, NodeFilter.SHOW_TEXT, node => {
-    const value = node.nodeValue
-    if (!value.includes('http')) return NodeFilter.FILTER_REJECT
-    return NodeFilter.FILTER_ACCEPT
+export function createURLTextNodeTreeWalker(element) {
+  return document.createTreeWalker(element, NodeFilter.SHOW_TEXT, node => {
+    return node.nodeValue.match(/http/gi) ? NodeFilter.FILTER_ACCEPT : NodeFilter.FILTER_SKIP
   })
+}
+
+function extractURLsFromTextNodes(element) {
+  const urls = new Set()
+  const walker = createURLTextNodeTreeWalker(element)
 
   let node
   while ((node = walker.nextNode()))
     node.nodeValue
       .split(/\s+/)
       .filter(val => val.startsWith('http'))
-      .forEach(match =>
-        createURL(match, url => {
-          if (!urls.includes(url.href)) urls.push(url.href)
-        })
-      )
+      .forEach(match => createURLObject(match, url => urls.add(url.href)))
 
-  return urls
+  return [...urls]
 }
 
-function extractURLsFromElements(element) {
-  const urls = []
+export function extractURLFromElement(element) {
+  if (element.src) {
+    const url = element.src.trim()
+    if (url.length) return url
+  }
+
+  if (element.href) {
+    const url = element.href.trim()
+    if (url.length) return url
+  }
 
-  if (element.src) createURL(element.src, url => urls.push(url.href))
-  if (element.href)
-    createURL(element.href, url => {
-      if (!urls.includes(url.href)) urls.push(url.href)
-    })
+  return ''
+}
+
+function extractURLsFromElementNodes(element) {
+  const urls = new Set()
+
+  if (element.src) createURLObject(element.src, url => urls.add(url.href))
+  if (element.href) createURLObject(element.href, url => urls.add(url.href))
 
   const elements = element.querySelectorAll('[src], [href]')
-  elements.forEach(el => {
-    createURL(el.src || el.href, url => {
-      if (!urls.includes(url.href)) urls.push(url.href)
-    })
-  })
+  elements.forEach(el => createURLObject(extractURLFromElement(el), u => urls.add(u.href)))
 
-  return urls
+  return [...urls]
 }
 
-export function validateURL(value, allowedHosts = []) {
-  let valid = false
-  createURLHost(value, host => (valid = !!allowedHosts.find(allowedHost => host.includes(allowedHost))))
-  return valid
+export function validateURL(value, allowedHosts = [], blockedHosts = []) {
+  const host = extractURLHost(value)
+
+  if (blockedHosts.includes('*')) return false
+  if (blockedHosts.find(blockedHosts => host.endsWith(blockedHosts))) return false
+  if (allowedHosts.find(allowedHosts => host.endsWith(allowedHosts))) return true
+
+  if (allowedHosts.includes('*')) {
+    if (host) return true
+    if (value.startsWith('data:')) return true
+    if (value.startsWith('news:')) return true
+    if (value.startsWith('tel:')) return true
+  }
+
+  return false
 }
 
 export function extractURLHosts(values) {
-  return values.reduce((hosts, value) => {
-    createURLHost(value, host => {
-      if (!hosts.includes(host)) hosts.push(host)
-    })
-    return hosts
-  }, [])
+  return [
+    ...values.reduce((hosts, value) => {
+      extractURLHost(value, host => hosts.add(host))
+      return hosts
+    }, new Set())
+  ]
 }
 
 // Extracts all URLs from an HTML element (all inclusive i.e. elements and text nodes)
@@ -89,8 +104,8 @@ export function extractURLHosts(values) {
 // @param {HTMLElement} element - HTML element
 // @returns {String[]} list of unique URLs
 //
-export function extractURLsFromElement(element) {
-  const elementURLs = extractURLsFromElements(element)
+export function extractURLs(element) {
+  const elementURLs = extractURLsFromElementNodes(element)
   const textNodeURLs = extractURLsFromTextNodes(element)
   const uniqueURLs = new Set([...elementURLs, ...textNodeURLs])
   return [...uniqueURLs]

data/app/models/trix_embed/attachment.rb

@@ -6,14 +6,28 @@ module TrixEmbed
     include GlobalID::Identification
     include ActionText::Attachable
 
-    CONTENT_TYPE = "application/vnd.trix-embed"
     ALLOWED_TAGS = ActionText::ContentHelper.allowed_tags + %w[iframe]
-    ALLOWED_ATTRIBUTES = ActionText::ContentHelper.allowed_attributes + %w[allow allowfullscreen allowpaymentrequest credentialless csp loading referrerpolicy sandbox srcdoc]
+    ALLOWED_ATTRIBUTES = (
+      ActionText::ContentHelper.allowed_attributes + %w[
+        allow
+        allowfullscreen
+        allowpaymentrequest
+        credentialless
+        csp
+        data-trix-embed
+        data-trix-embed-error
+        data-trix-embed-prohibited
+        data-trix-embed-warning
+        loading
+        referrerpolicy
+        sandbox
+        srcdoc
+      ]) - %w[class style]
 
     class << self
-      def rewrite_action_text_content(content)
+      def rewrite_for_display(content)
         fragment = Nokogiri::HTML.fragment(content)
-        matches = fragment.css("#{ActionText::Attachment.tag_name}[sgid][content-type='#{CONTENT_TYPE}']")
+        matches = fragment.css("#{ActionText::Attachment.tag_name}[sgid][content-type='#{Mime::Type.lookup_by_extension(:trix_embed_attachment)}']")
 
         matches.each do |match|
           attachment = ActionText::Attachment.from_node(match)
@@ -37,9 +51,9 @@ module TrixEmbed
         fragment.to_html.html_safe
       end
 
-      def rewrite_trix_html(trix_html)
+      def rewrite_for_storage(trix_html)
         fragment = Nokogiri::HTML.fragment(trix_html)
-        matches = fragment.css("[data-trix-attachment][data-trix-content-type='#{CONTENT_TYPE}']")
+        matches = fragment.css("[data-trix-attachment][data-trix-content-type='#{Mime::Type.lookup_by_extension(:trix_embed_attachment)}']")
 
         matches.each do |match|
           data = JSON.parse(match["data-trix-attachment"]).deep_transform_keys(&:underscore)

data/app/views/action_text/contents/_content.html.erb

@@ -1 +1 @@
-<%= TrixEmbed::Attachment.rewrite_action_text_content render_action_text_content(content) %>
+<%= TrixEmbed::Attachment.rewrite_for_display render_action_text_content(content) %>

data/lib/trix_embed/engine.rb

@@ -16,7 +16,7 @@ module TrixEmbed
     config.trix_embed = ActiveSupport::OrderedOptions.new
 
     initializer "trix_embed.configuration" do
-      Mime::Type.register "application/vnd.trix-embed", :trix_embed
+      Mime::Type.register "trix-embed/attachment", :trix_embed_attachment
 
       ActiveSupport.on_load :action_controller do
         helper TrixEmbed::ApplicationHelper

data/lib/trix_embed/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TrixEmbed
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trix_embed
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Nate Hopkins (hopsoft)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-15 00:00:00.000000000 Z
+date: 2023-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: amazing_print
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -220,6 +234,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rerun
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rexml
   requirement: !ruby/object:Gem::Requirement
@@ -304,7 +332,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: A Stimulus controller to safely embed external media in the Trix editor
+description: Take control over what external links and embedded media is permitted
+  in the Trix editor via copy/paste
 email:
 - natehop@gmail.com
 executables: []
@@ -318,9 +347,12 @@ files:
 - app/helpers/trix_embed/application_helper.rb
 - app/javascript/controller.js
 - app/javascript/encryption.js
+- app/javascript/enumerable.js
+- app/javascript/forms.js
 - app/javascript/guard.js
 - app/javascript/index.js
 - app/javascript/media.js
+- app/javascript/metadata.js
 - app/javascript/renderer.js
 - app/javascript/store.js
 - app/javascript/templates.js
@@ -358,5 +390,6 @@ requirements: []
 rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
-summary: A Stimulus controller to safely embed external media in the Trix editor
+summary: Take control over what external links and embedded media is permitted in
+  the Trix editor via copy/paste
 test_files: []