allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject allura git commit: [#8261] allow youtube-nocookie.com in embed urls, and use that all the time in the iframe output
Date Thu, 15 Nov 2018 16:12:23 GMT
Repository: allura
Updated Branches:
  refs/heads/db/8261 [created] 554c81d14


[#8261] allow youtube-nocookie.com in embed urls, and use that all the time in the iframe
output


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/554c81d1
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/554c81d1
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/554c81d1

Branch: refs/heads/db/8261
Commit: 554c81d140ce56370bcbe664c153921d4a6ed31a
Parents: 8f520ef
Author: Dave Brondsema <dave@brondsema.net>
Authored: Thu Nov 15 11:12:19 2018 -0500
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Thu Nov 15 11:12:19 2018 -0500

----------------------------------------------------------------------
 Allura/allura/lib/macro.py          | 8 ++++++--
 Allura/allura/lib/utils.py          | 4 +++-
 Allura/allura/tests/test_globals.py | 2 +-
 Allura/allura/tests/test_utils.py   | 8 ++++++--
 4 files changed, 16 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/554c81d1/Allura/allura/lib/macro.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/macro.py b/Allura/allura/lib/macro.py
index c65c504..191a413 100644
--- a/Allura/allura/lib/macro.py
+++ b/Allura/allura/lib/macro.py
@@ -447,8 +447,10 @@ def members(limit=20):
 @macro()
 def embed(url=None):
     consumer = oembed.OEmbedConsumer()
-    endpoint = oembed.OEmbedEndpoint(
-        'http://www.youtube.com/oembed', ['http://*.youtube.com/*', 'https://*.youtube.com/*'])
+    endpoint = oembed.OEmbedEndpoint('http://www.youtube.com/oembed',
+                                     ['http://*.youtube.com/*', 'https://*.youtube.com/*',
+                                      'http://*.youtube-nocookie.com/*', 'https://*.youtube-nocookie.com/*',
+                                      ])
     consumer.addEndpoint(endpoint)
     try:
         html = consumer.embed(url)['html']
@@ -460,6 +462,7 @@ def embed(url=None):
         html = html.rstrip(')')
 
         # convert iframe src from http to https, to avoid mixed security blocking when used
on an https page
+        # and convert to youtube-nocookie.com
         html = BeautifulSoup(html)
         embed_url = html.find('iframe').get('src')
         if embed_url:
@@ -468,6 +471,7 @@ def embed(url=None):
                 embed_url = urlunparse(['https'] + list(embed_url[1:]))
             else:
                 embed_url = embed_url.geturl()
+            embed_url = embed_url.replace('www.youtube.com', 'www.youtube-nocookie.com')
             html.find('iframe')['src'] = embed_url
         return jinja2.Markup('<p>%s</p>' % html)
 

http://git-wip-us.apache.org/repos/asf/allura/blob/554c81d1/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 7a13f17..feaf25a 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -595,7 +595,9 @@ class ForgeHTMLSanitizerFilter(html5lib.filters.sanitizer.Filter):
         # srcset is used in our own project_list/project_summary widgets which are used as
macros so go through markdown
         self.allowed_attributes = html5lib.filters.sanitizer.allowed_attributes | {(None,
'srcset')}
 
-        self.valid_iframe_srcs = ('https://www.youtube.com/embed/', 'https://www.gittip.com/')
+        self.valid_iframe_srcs = ('https://www.youtube.com/embed/',
+                                  'https://www.youtube-nocookie.com/embed/',
+                                  'https://www.gittip.com/')
         self._prev_token_was_ok_iframe = False
 
     def sanitize_token(self, token):

http://git-wip-us.apache.org/repos/asf/allura/blob/554c81d1/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index c9e68e2..2b1cce2 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -339,7 +339,7 @@ def test_macro_embed(oembed_fetch):
     }
     r = g.markdown_wiki.convert('[[embed url=http://www.youtube.com/watch?v=kOLpSPEA72U]]')
     assert_in('<p><iframe height="270" '
-              'src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></p>',
+              'src="https://www.youtube-nocookie.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></p>',
               r.replace('\n', ''))
 
 

http://git-wip-us.apache.org/repos/asf/allura/blob/554c81d1/Allura/allura/tests/test_utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 2b549bf..0afc937 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -273,8 +273,12 @@ class TestHTMLSanitizer(unittest.TestCase):
         walker = self.walker_from_text(
             '<div><iframe src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
         p = utils.ForgeHTMLSanitizerFilter(walker)
-        assert_equal(
-            self.simple_tag_list(p), ['div', 'iframe', 'iframe', 'div'])
+        assert_equal(self.simple_tag_list(p), ['div', 'iframe', 'iframe', 'div'])
+
+        walker = self.walker_from_text(
+            '<div><iframe src="https://www.youtube-nocookie.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
+        p = utils.ForgeHTMLSanitizerFilter(walker)
+        assert_equal(self.simple_tag_list(p), ['div', 'iframe', 'iframe', 'div'])
 
     def test_html_sanitizer_form_elements(self):
         walker = self.walker_from_text('<p>test</p><form method="post" action="http://localhost/foo.php"><input
type=file><input type=text><textarea>asdf</textarea></form>')


Mime
View raw message