authorGravatar Frédéric Guillot <fred@miniflux.net>2018-07-04 22:45:44 -0700
committerGravatar Frédéric Guillot <fred@miniflux.net>2018-07-04 22:45:44 -0700
commitde1a4aad302e3366b13e683dbe0ca10407a4c57b (patch)
tree18001b1ade644e87e39e675cdac534ed2307ce16
parent6d0dc451e45effc8cbb6953a766b111036d893ce (diff)
Add support for protocol relative YouTube URLs
-rw-r--r--reader/sanitizer/sanitizer.go3
-rw-r--r--reader/sanitizer/sanitizer_test.go10
2 files changed, 12 insertions, 1 deletions
diff --git a/reader/sanitizer/sanitizer.go b/reader/sanitizer/sanitizer.go
index f13681b..b37a9af 100644
--- a/reader/sanitizer/sanitizer.go
+++ b/reader/sanitizer/sanitizer.go
@@ -17,7 +17,7 @@ import (
)
var (
- youtubeEmbedRegex = regexp.MustCompile(`http[s]?://www\.youtube\.com/embed/(.*)`)
+ youtubeEmbedRegex = regexp.MustCompile(`//www\.youtube\.com/embed/(.*)`)
)
// Sanitize returns safe HTML.
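Review bot: The new `youtubeEmbedRegex` pattern is unanchored and no longer names a scheme, so it matches `//www.youtube.com/embed/` anywhere in the input, including after an arbitrary scheme or inside the path or query of a URL on a different host. The call site is outside this hunk, so the practical effect depends on how the match and its capture group are used. Anchoring keeps the rewrite limited to the three intended forms and leaves the capture group at index 1: `^(?:https?:)?//www\.youtube\.com/embed/(.*)`. A one-line comment above the variable naming the accepted URL forms (http, https, protocol-relative) would also make the intent explicit.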
@@ -291,6 +291,7 @@ func isBlacklistedResource(src string) bool {
func isValidIframeSource(src string) bool {
whitelist := []string{
+ "//www.youtube.com",
"http://www.youtube.com",
"https://www.youtube.com",
"https://www.youtube-nocookie.com",
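Review bot: The added entry `"//www.youtube.com"` stops at the host name with no trailing slash, as do the entries next to it. The comparison is outside this hunk, but if it is a prefix test, a source such as `//www.youtube.com.example.net/...` (constructed example) would pass, because the entry is also a prefix of a longer host name. Writing the entry as `"//www.youtube.com/"`, and likewise for the existing entries, would close that. Alternatively, parse `src` with `net/url` and compare the host exactly. The body of isValidIframeSource continues past the end of the hunk.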
diff --git a/reader/sanitizer/sanitizer_test.go b/reader/sanitizer/sanitizer_test.go
index fab493a..8db0bda 100644
--- a/reader/sanitizer/sanitizer_test.go
+++ b/reader/sanitizer/sanitizer_test.go
@@ -203,6 +203,16 @@ func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) {
}
}
+func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) {
+ input := `<iframe src="//www.youtube.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen"></iframe>`
+ expected := `<iframe src="https://www.youtube-nocookie.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen" sandbox="allow-scripts allow-same-origin"></iframe>`
+ output := Sanitize("http://example.org/", input)
+
+ if expected != output {
+ t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
+ }
+}
+
func TestReplaceIframeURL(t *testing.T) {
input := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0"></iframe>`
expected := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0" sandbox="allow-scripts allow-same-origin"></iframe>`
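Review bot: TestReplaceProtocolRelativeYoutubeURL pins only the accepting case, so nothing here shows what the sanitizer rejects now that the pattern and whitelist are looser. A companion negative test would help, using the same `Sanitize("http://example.org/", input)` call. It could cover a protocol-relative iframe whose host merely begins with `www.youtube.com`, and one where `//www.youtube.com/embed/` appears only in the query string of another host. Both should assert that the output contains no iframe pointing at the original source and that no rewrite to `youtube-nocookie.com` happened. A short comment on the new test, such as `// Scheme-less src must be rewritten to the https nocookie embed.`, would document why the expected URL carries an explicit scheme.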