Revert "Merge branch 'onebox-safety' of git://github.com/tms/discourse"
This reverts commit7ca57db97a
, reversing changes made tob7e027cfd1
.
This commit is contained in:
parent
d05706f774
commit
ba238f92c2
|
@ -36,14 +36,12 @@ module Oneboxer
|
||||||
if page_html.present?
|
if page_html.present?
|
||||||
doc = Nokogiri::HTML(page_html)
|
doc = Nokogiri::HTML(page_html)
|
||||||
|
|
||||||
if Whitelist.oembed_allowed?(url)
|
# See if if it has an oembed thing we can use
|
||||||
# See if if it has an oembed thing we can use
|
(doc/"link[@type='application/json+oembed']").each do |oembed|
|
||||||
(doc/"link[@type='application/json+oembed']").each do |oembed|
|
return OembedOnebox.new(oembed[:href]).onebox
|
||||||
return OembedOnebox.new(oembed[:href]).onebox
|
end
|
||||||
end
|
(doc/"link[@type='text/json+oembed']").each do |oembed|
|
||||||
(doc/"link[@type='text/json+oembed']").each do |oembed|
|
return OembedOnebox.new(oembed[:href]).onebox
|
||||||
return OembedOnebox.new(oembed[:href]).onebox
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Check for opengraph
|
# Check for opengraph
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class ClikthroughOnebox < OembedOnebox
|
class ClikthroughOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?clikthrough\.com\/theater\/video\/\d+$/
|
matcher /clikthrough\.com\/theater\/video\/\d+$/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://clikthrough.com/services/oembed?url=#{BaseOnebox.uriencode(@url)}"
|
"http://clikthrough.com/services/oembed?url=#{BaseOnebox.uriencode(@url)}"
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class DailymotionOnebox < OembedOnebox
|
class DailymotionOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?dailymotion\.com\/.+$/
|
matcher /dailymotion\.com\/.+$/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://www.dailymotion.com/api/oembed/?url=#{BaseOnebox.uriencode(@url)}"
|
"http://www.dailymotion.com/api/oembed/?url=#{BaseOnebox.uriencode(@url)}"
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class DotsubOnebox < OembedOnebox
|
class DotsubOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?dotsub\.com\/.+$/
|
matcher /dotsub\.com\/.+$/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://dotsub.com/services/oembed?url=#{BaseOnebox.uriencode(@url)}"
|
"http://dotsub.com/services/oembed?url=#{BaseOnebox.uriencode(@url)}"
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/handlebars_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class GithubBlobOnebox < HandlebarsOnebox
|
class GithubBlobOnebox < HandlebarsOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
|
matcher /github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
|
||||||
favicon 'github.png'
|
favicon 'github.png'
|
||||||
|
|
||||||
def translate_url
|
def translate_url
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class KinomapOnebox < OembedOnebox
|
class KinomapOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?kinomap\.com/
|
matcher /kinomap\.com/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://www.kinomap.com/oembed?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
"http://www.kinomap.com/oembed?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class NfbOnebox < OembedOnebox
|
class NfbOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?nfb\.ca\/film\/[-\w]+\/?/
|
matcher /nfb\.ca\/film\/[-\w]+\/?/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://www.nfb.ca/remote/services/oembed/?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
"http://www.nfb.ca/remote/services/oembed/?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
||||||
|
|
|
@ -20,7 +20,6 @@ module Oneboxer
|
||||||
|
|
||||||
@opts[:original_url] = @url
|
@opts[:original_url] = @url
|
||||||
@opts[:text] = @opts['description']
|
@opts[:text] = @opts['description']
|
||||||
@opts[:unsafe] = true
|
|
||||||
|
|
||||||
begin
|
begin
|
||||||
parsed = URI.parse(@url)
|
parsed = URI.parse(@url)
|
||||||
|
|
|
@ -12,12 +12,7 @@
|
||||||
{{#image}}<img src="{{image}}" class="thumbnail">{{/image}}
|
{{#image}}<img src="{{image}}" class="thumbnail">{{/image}}
|
||||||
<h3><a href="{{original_url}}" target="_blank">{{title}}</a></h3>
|
<h3><a href="{{original_url}}" target="_blank">{{title}}</a></h3>
|
||||||
{{#by_info}}<h4>{{by_info}}</h4>{{/by_info}}
|
{{#by_info}}<h4>{{by_info}}</h4>{{/by_info}}
|
||||||
{{#unsafe}}
|
{{{text}}}
|
||||||
{{text}}
|
|
||||||
{{/unsafe}}
|
|
||||||
{{^unsafe}}
|
|
||||||
{{{text}}}
|
|
||||||
{{/unsafe}}
|
|
||||||
</div>
|
</div>
|
||||||
<div class='clearfix'></div>
|
<div class='clearfix'></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class ViddlerOnebox < OembedOnebox
|
class ViddlerOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?viddler\.com\/.+$/
|
matcher /viddler\.com\/.+$/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://lab.viddler.com/services/oembed/?url=#{BaseOnebox.uriencode(@url)}"
|
"http://lab.viddler.com/services/oembed/?url=#{BaseOnebox.uriencode(@url)}"
|
||||||
|
|
|
@ -2,113 +2,84 @@ module Oneboxer
|
||||||
|
|
||||||
module Whitelist
|
module Whitelist
|
||||||
def self.entries
|
def self.entries
|
||||||
[
|
[/cnn\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?cnn\.com\/.+/),
|
/washingtonpost\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?washingtonpost\.com\/.+/),
|
/\/\d{4}\/\d{2}\/\d{2}\//, # wordpress
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?funnyordie\.com\/.+/),
|
/funnyordie\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?youtube\.com\/.+/),
|
/youtube\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?youtu\.be\/.+/),
|
/youtu\.be\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?500px\.com\/.+/),
|
/500px\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?scribd\.com\/.+/),
|
/scribd\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?photobucket\.com\/.+/),
|
/photobucket\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?ebay\.(com|ca|co\.uk)\/.+/),
|
/ebay\.(com|ca|co\.uk)\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?nytimes\.com\/.+/),
|
/nytimes\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?pinterest\.com\/.+/),
|
/tumblr\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?imdb\.com\/.+/),
|
/pinterest\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?bbc\.co\.uk\/.+/),
|
/imdb\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?ask\.com\/.+/),
|
/bbc\.co\.uk\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?huffingtonpost\.com\/.+/),
|
/ask\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?aol\.(com|ca)\/.+/),
|
/huffingtonpost\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?espn\.go\.com\/.+/),
|
/aol\.(com|ca)\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?about\.com\/.+/),
|
/espn\.go\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?cnet\.com\/.+/),
|
/about\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?ehow\.com\/.+/),
|
/cnet\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?dailymail\.co\.uk\/.+/),
|
/ehow\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?indiatimes\.com\/.+/),
|
/dailymail\.co\.uk\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?answers\.com\/.+/),
|
/indiatimes\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?instagr\.am\/.+/),
|
/answers\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?battle\.net\/.+/),
|
/instagr\.am\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?sourceforge\.net\/.+/),
|
/battle\.net\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?myspace\.com\/.+/),
|
/sourceforge\.net\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?wikia\.com\/.+/),
|
/myspace\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?etsy\.com\/.+/),
|
/wikia\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?walmart\.com\/.+/),
|
/etsy\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?reference\.com\/.+/),
|
/walmart\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?yelp\.com\/.+/),
|
/reference\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?foxnews\.com\/.+/),
|
/yelp\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?guardian\.co\.uk\/.+/),
|
/foxnews\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?digg\.com\/.+/),
|
/guardian\.co\.uk\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?squidoo\.com\/.+/),
|
/digg\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?wsj\.com\/.+/),
|
/squidoo\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?archive\.org\/.+/),
|
/wsj\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?nba\.com\/.+/),
|
/archive\.org\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?samsung\.com\/.+/),
|
/nba\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?mashable\.com\/.+/),
|
/samsung\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?forbes\.com\/.+/),
|
/mashable\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?soundcloud\.com\/.+/),
|
/forbes\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?thefreedictionary\.com\/.+/),
|
/soundcloud\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?groupon\.com\/.+/),
|
/thefreedictionary\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?ikea\.com\/.+/),
|
/groupon\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?dell\.com\/.+/),
|
/ikea\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?mlb\.com\/.+/),
|
/dell\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?bestbuy\.(com|ca)\/.+/),
|
/mlb\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?bloomberg\.com\/.+/),
|
/bestbuy\.(com|ca)\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?ign\.com\/.+/),
|
/bloomberg\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?twitpic\.com\/.+/),
|
/ign\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?techcrunch\.com\/.+/),
|
/twitpic\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?usatoday\.com\/.+/),
|
/techcrunch\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?go\.com\/.+/),
|
/usatoday\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?businessinsider\.com\/.+/),
|
/go\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?zillow\.com\/.+/),
|
/businessinsider\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?tmz\.com\/.+/),
|
/zillow\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?thesun\.co\.uk\/.+/),
|
/tmz\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?thestar\.(com|ca)\/.+/),
|
/thesun\.co\.uk\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?theglobeandmail\.com\/.+/),
|
/thestar\.(com|ca)\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?torontosun\.com\/.+/),
|
/theglobeandmail\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?kickstarter\.com\/.+/),
|
/torontosun\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?wired\.com\/.+/),
|
/kickstarter\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?time\.com\/.+/),
|
/wired\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?npr\.org\/.+/),
|
/time\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?cracked\.com\/.+/),
|
/npr\.org\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?deadline\.com\/.+/),
|
/cracked\.com\/.+/,
|
||||||
Entry.new(/^https?:\/\/(?:www\.)?tumblr\.com\/.+/, false),
|
/deadline\.com\/.+/
|
||||||
Entry.new(/\/\d{4}\/\d{2}\/\d{2}\//, false), # wordpress
|
]
|
||||||
]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.allowed?(url)
|
def self.allowed?(url)
|
||||||
!match(url).nil?
|
#return true
|
||||||
end
|
entries.each {|e| return true if url =~ e }
|
||||||
|
|
||||||
def self.oembed_allowed?(url)
|
|
||||||
unless (e = match(url)).nil?
|
|
||||||
return e.allows_oembed?
|
|
||||||
end
|
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def self.match(url)
|
|
||||||
entries.each {|e| return e if e.matches?(url) }
|
|
||||||
nil
|
|
||||||
end
|
|
||||||
|
|
||||||
class Entry
|
|
||||||
# oembed = false is probably safer, but this is the least-drastic change
|
|
||||||
def initialize(pattern, oembed = true)
|
|
||||||
@pattern = pattern
|
|
||||||
@oembed = oembed
|
|
||||||
end
|
|
||||||
|
|
||||||
def allows_oembed?
|
|
||||||
@oembed
|
|
||||||
end
|
|
||||||
|
|
||||||
def matches?(url)
|
|
||||||
url =~ @pattern
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'oneboxer/oembed_onebox'
|
||||||
module Oneboxer
|
module Oneboxer
|
||||||
class YfrogOnebox < OembedOnebox
|
class YfrogOnebox < OembedOnebox
|
||||||
|
|
||||||
matcher /^https?:\/\/(?:www\.)?yfrog\.(com|ru|com\.tr|it|fr|co\.il|co\.uk|com\.pl|pl|eu|us)\/[a-zA-Z0-9]+/
|
matcher /yfrog\.(com|ru|com\.tr|it|fr|co\.il|co\.uk|com\.pl|pl|eu|us)\/[a-zA-Z0-9]+/
|
||||||
|
|
||||||
def oembed_endpoint
|
def oembed_endpoint
|
||||||
"http://www.yfrog.com/api/oembed/?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
"http://www.yfrog.com/api/oembed/?url=#{BaseOnebox.uriencode(@url)}&format=json"
|
||||||
|
|
Loading…
Reference in New Issue