RubyGems - url_to_media_tag - Versions diffs - 0.1.0 → 0.1.1 - Mend

url_to_media_tag 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/Readme.md +10 -0
data/VERSION +1 -1
data/lib/url_to_media_tag.rb +7 -1
data/spec/spec_helper.rb +12 -1
data/spec/url_to_media_tag_spec.rb +13 -0
data/url_to_media_tag.gemspec +1 -1
metadata +3 -3

data/Readme.md CHANGED Viewed

@@ -15,10 +15,20 @@ Or
 Usage
 =====
+### Convert
     UrlToMediaTag.convert('http://www.youtube.com/watch?v=kW-dS4otEZU') # -> <iframe ...>
     UrlToMediaTag.convert(url, :width => 480, :height => 320)           # -> <iframe ...>
     UrlToMediaTag.convert('no-url')                                     # -> nil
+### Find
+    urls = text.scan(%r{https?://[^\s]*})
+### Replace
+    text_with_embed = text.gsub(%r{https?://[^\s]*}){|url| UrlToMediaTag.convert(url) }
 Alternative
 ===========
  - [auto_html](https://github.com/dejan/auto_html) If you want more fancy stuff like auto-linking + strip-tags + active-record-integration (and more dependencies / C-extensions)

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.1.0
1	+ 0.1.1

data/lib/url_to_media_tag.rb CHANGED Viewed

@@ -9,7 +9,10 @@ module UrlToMediaTag
   def self.convert(url, options={})
     options = DEFAULTS.merge(options)
-    case url
+    # prevent any kind of html or xss
+    return if url.include?('>') or url.include?('<')
+    result = case url
     # youtube
     when /http:\/\/(www.)?youtube\.com\/watch\?v=([A-Za-z0-9._%-]*)(\&\S+)?|http:\/\/(www.)?youtu\.be\/([A-Za-z0-9._%-]*)?/
@@ -33,5 +36,8 @@ module UrlToMediaTag
       %{<iframe src="http://player.vimeo.com/video/#{vimeo_id}#{query_string}" width="#{width}" height="#{height}" frameborder="#{frameborder}"></iframe>}
     end
+    result = result.html_safe if result.respond_to?(:html_safe)
+    result
   end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,2 +1,13 @@
 $LOAD_PATH.unshift 'lib'
-require 'url_to_media_tag'
+require 'url_to_media_tag'
+class String
+  def html_safe
+    @html_safe = true
+    self
+  end
+  def html_safe?
+    @html_safe
+  end
+end

data/spec/url_to_media_tag_spec.rb CHANGED Viewed

@@ -15,5 +15,18 @@ describe UrlToMediaTag do
       expected = "<iframe src=\"http://player.vimeo.com/video/26881896?title=0&byline=0&portrait=0\" width=\"640\" height=\"480\" frameborder=\"0\"></iframe>"
       UrlToMediaTag.convert('http://vimeo.com/26881896').should == expected
     end
+    it "does not convert unknown" do
+      UrlToMediaTag.convert('xxx').should == nil
+    end
+    it "marks output as html_safe" do
+      UrlToMediaTag.convert('http://vimeo.com/26881896').html_safe?.should == true
+    end
+    it "prevents xss" do
+      UrlToMediaTag.convert('http://vimeo.com/26881896<').should == nil
+      UrlToMediaTag.convert('http://vimeo.com/26881896>').should == nil
+    end
   end
 end

data/url_to_media_tag.gemspec CHANGED Viewed

@@ -5,7 +5,7 @@
 Gem::Specification.new do |s|
   s.name = %q{url_to_media_tag}
-  s.version = "0.1.0"
+  s.version = "0.1.1"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Michael Grosser"]

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: url_to_media_tag
 version: !ruby/object:Gem::Version
-  hash: 27
+  hash: 25
   prerelease:
   segments:
   - 0
   - 1
-  - 0
-  version: 0.1.0
+  - 1
+  version: 0.1.1
 platform: ruby
 authors:
 - Michael Grosser