From e5f41b8a212210c637afbbf5cdad768256f82bce Mon Sep 17 00:00:00 2001
From: Sam
Date: Tue, 15 Apr 2014 14:06:51 +1000
Subject: [PATCH] FEATURE: whitelist and blacklist selectors for embeds
---
 Gemfile | 6 +++++-
 Gemfile.lock | 4 ++--
 app/models/topic_embed.rb | 14 ++++++++++----
 config/locales/server.en.yml | 2 ++
 config/site_settings.yml | 2 ++
 5 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/Gemfile b/Gemfile
index 5b2f4f99a..3a1b16d5e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -215,7 +215,11 @@ gem 'puma', require: false
 gem 'rbtrace', require: false, platform: :mri
 # required for feed importing and embedding
-gem 'ruby-readability', require: false
+#
+# temporary when this is merged https://github.com/cantino/ruby-readability/pull/70
+# get rid of this
+gem 'ruby-readability-discourse', require: false
+
 gem 'simple-rss', require: false
 gem 'gctools', require: false, platform: :mri_21
 gem 'stackprof', require: false, platform: :mri_21
diff --git a/Gemfile.lock b/Gemfile.lock
index f1b81cd9b..0dc855c39 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -298,7 +298,7 @@ GEM
 rspec-mocks (~> 2.14.0)
 ruby-hmac (0.4.0)
 ruby-openid (2.5.0)
-ruby-readability (0.6.0)
+ruby-readability-discourse (0.6.1)
 guess_html_encoding (>= 0.0.4)
 nokogiri (>= 1.4.2)
 sanitize (2.1.0)
@@ -457,7 +457,7 @@ DEPENDENCIES
 rinku
 rspec-given
 rspec-rails
-ruby-readability
+ruby-readability-discourse
 sanitize
 sass
 sass-rails (~> 4.0.2)
diff --git a/app/models/topic_embed.rb b/app/models/topic_embed.rb
index c7c4cf290..0c9c918f6 100644
--- a/app/models/topic_embed.rb
+++ b/app/models/topic_embed.rb
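Review bot: The fork `ruby-readability-discourse` is added on the `+gem` line without a version constraint, so only Gemfile.lock holds it at 0.6.1 and a later `bundle update` can take any newer build of the fork; for a stop-gap dependency a pin such as `gem 'ruby-readability-discourse', '~> 0.6.1', require: false` states that intent in the Gemfile itself. The three comment lines above it explain why the fork exists, but a `# TODO:` marker naming the gem to return to (`ruby-readability`) once cantino/ruby-readability#70 is merged would make the cleanup easier to find later.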
@@ -64,10 +64,16 @@ class TopicEmbed < ActiveRecord::Base
 url = normalize_url(url)
 original_uri = URI.parse(url)
-doc = Readability::Document.new(open(url).read,
-tags: %w[div p code pre h1 h2 h3 b em i strong a img ul li ol blockquote],
-attributes: %w[href src],
-remove_empty_nodes: false)
+opts = {
+tags: %w[div p code pre h1 h2 h3 b em i strong a img ul li ol blockquote],
+attributes: %w[href src],
+remove_empty_nodes: false
+}
+
+opts[:whitelist] = SiteSetting.embed_whitelist_selector if SiteSetting.embed_whitelist_selector.present?
+opts[:blacklist] = SiteSetting.embed_blacklist_selector if SiteSetting.embed_blacklist_selector.present?
+
+doc = Readability::Document.new(open(url).read, opts)
 tags = {'img' => 'src', 'script' => 'src', 'a' => 'href'}
 title = doc.title
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index ac7c7c886..c53b1c01a 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -870,6 +870,8 @@ en:
 embed_truncate: "Truncate the imported posts"
 embed_category: "Category of created topics"
 embed_post_limit: "Maximum number of posts to embed"
+embed_whitelist_selector: "css selector for elements that are allowed in embeds"
+embed_blacklist_selector: "css selector for elements that are removed from embeds"
 tos_accept_required: "If enabled, users will need to check a box on the signup form to confirm that they accept the terms of service. Edit 'Signup Form: Terms of Service Message' in the Content tab to change the message."
 notify_about_flags_after: "If there are flags that haven't been handled after this many hours, send an email to the contact_email. Set to 0 to disable."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 49c024f53..b12808c98 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
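Review bot: The two selectors go straight from site settings into `Readability::Document.new` on the last added line with no validation, so a malformed selector entered by an admin would presumably surface as a CSS parse error raised from inside the Readability call and break every embed import until the setting is corrected. Consider validating the two settings when they are saved, or rescuing around the `doc = Readability::Document.new(open(url).read, opts)` line so the failure names the offending setting instead of aborting the import anonymously. A short comment on the two `opts[...]` lines would also help, e.g. `# blank selectors are left out of opts entirely rather than passed as '' so Readability sees no whitelist/blacklist at all`. On the same `doc =` line, `original_uri` has already been parsed, so fetching through it (`original_uri.open.read`, if open-uri is what supplies `open` here) rather than `Kernel#open(url)` keeps the fetch on the URI API instead of Kernel#open's string handling. The enclosing method starts and ends outside the hunk.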
@@ -425,6 +425,8 @@ embedding:
 embed_category: ''
 embed_post_limit: 100
 embed_truncate: false
+embed_whitelist_selector: ''
+embed_blacklist_selector: ''
 legal:
 tos_url: