Home Explore Help
Sign In
LBP
/
miniflux_v2
mirror of https://github.com/miniflux/v2.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Rewrite iframe Youtube URLs to https://www.youtube-nocookie.com

Frédéric Guillot 7 years ago
parent
36dab8b518
commit
c719cf7df0
2 changed files with 71 additions and 2 deletions
Unified View Show Diff Stats
  1. 21 2
      reader/sanitizer/sanitizer.go
  2. 50 0
      reader/sanitizer/sanitizer_test.go

+ 21 - 2
reader/sanitizer/sanitizer.go
View File 

@@ -8,6 +8,7 @@ import (
 
 	"bytes"
 
 	"bytes"
 
 	"fmt"
 
 	"fmt"
 
 	"io"
 
 	"io"
 
+	"regexp"
 
 	"strings"
 
 	"strings"
 
 
 
 	"github.com/miniflux/miniflux/url"
 
 	"github.com/miniflux/miniflux/url"
 
@@ -15,6 +16,10 @@ import (
 
 	"golang.org/x/net/html"
 
 	"golang.org/x/net/html"
 
 )
 
 )
 
 
 
+var (
 
+	youtubeEmbedRegex = regexp.MustCompile(`http[s]?://www\.youtube\.com/embed/(.*)`)
 
+)
 
+
 
 // Sanitize returns safe HTML.
 
 // Sanitize returns safe HTML.
 
 func Sanitize(baseURL, input string) string {
 
 func Sanitize(baseURL, input string) string {
 
 	tokenizer := html.NewTokenizer(bytes.NewBufferString(input))
 
 	tokenizer := html.NewTokenizer(bytes.NewBufferString(input))
 
@@ -85,8 +90,12 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([
 
 		}
 
 		}
 
 
 
 		if isExternalResourceAttribute(attribute.Key) {
 
 		if isExternalResourceAttribute(attribute.Key) {
 
-			if tagName == "iframe" && !isValidIframeSource(attribute.Val) {
 
-				continue
 
+			if tagName == "iframe" {
 
+				if isValidIframeSource(attribute.Val) {
 
+					value = rewriteIframeURL(attribute.Val)
 
+				} else {
 
+					continue
 
+				}
 
 			} else {
 
 			} else {
 
 				value, err = url.AbsoluteURL(baseURL, value)
 
 				value, err = url.AbsoluteURL(baseURL, value)
 
 				if err != nil {
 
 				if err != nil {
 
@@ -274,6 +283,7 @@ func isValidIframeSource(src string) bool {
 
 	whitelist := []string{
 
 	whitelist := []string{
 
 		"http://www.youtube.com",
 
 		"http://www.youtube.com",
 
 		"https://www.youtube.com",
 
 		"https://www.youtube.com",
 
+		"https://www.youtube-nocookie.com",
 
 		"http://player.vimeo.com",
 
 		"http://player.vimeo.com",
 
 		"https://player.vimeo.com",
 
 		"https://player.vimeo.com",
 
 		"http://www.dailymotion.com",
 
 		"http://www.dailymotion.com",
 
@@ -365,3 +375,12 @@ func inList(needle string, haystack []string) bool {
 
 
 
 	return false
 
 	return false
 
 }
 
 }
 
+
 
+func rewriteIframeURL(link string) string {
 
+	matches := youtubeEmbedRegex.FindStringSubmatch(link)
 
+	if len(matches) == 2 {
 
+		return `https://www.youtube-nocookie.com/embed/` + matches[1]
 
+	}
 
+
 
+	return link
 
+}

+ 50 - 0
reader/sanitizer/sanitizer_test.go
View File 

@@ -162,3 +162,53 @@ func TestEspaceAttributes(t *testing.T) {
 
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
 	}
 
 	}
 
 }
 
 }
 
+
 
+func TestReplaceYoutubeURL(t *testing.T) {
 
+	input := `<iframe src="http://www.youtube.com/embed/test123?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent"></iframe>`
 
+	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent"></iframe>`
 
+	output := Sanitize("http://example.org/", input)
 
+
 
+	if expected != output {
 
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
+	}
 
+}
 
+
 
+func TestReplaceSecureYoutubeURL(t *testing.T) {
 
+	input := `<iframe src="https://www.youtube.com/embed/test123"></iframe>`
 
+	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123"></iframe>`
 
+	output := Sanitize("http://example.org/", input)
 
+
 
+	if expected != output {
 
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
+	}
 
+}
 
+
 
+func TestReplaceSecureYoutubeURLWithParameters(t *testing.T) {
 
+	input := `<iframe src="https://www.youtube.com/embed/test123?rel=0&amp;controls=0"></iframe>`
 
+	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0"></iframe>`
 
+	output := Sanitize("http://example.org/", input)
 
+
 
+	if expected != output {
 
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
+	}
 
+}
 
+
 
+func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) {
 
+	input := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0"></iframe>`
 
+	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0"></iframe>`
 
+	output := Sanitize("http://example.org/", input)
 
+
 
+	if expected != output {
 
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
+	}
 
+}
 
+
 
+func TestReplaceIframeURL(t *testing.T) {
 
+	input := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0"></iframe>`
 
+	expected := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0"></iframe>`
 
+	output := Sanitize("http://example.org/", input)
 
+
 
+	if expected != output {
 
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 
+	}
 
+}