diff options
author | Frédéric Guillot <fred@miniflux.net> | 2018-07-04 22:45:44 -0700 |
---|---|---|
committer | Frédéric Guillot <fred@miniflux.net> | 2018-07-04 22:45:44 -0700 |
commit | de1a4aad302e3366b13e683dbe0ca10407a4c57b (patch) | |
tree | 18001b1ade644e87e39e675cdac534ed2307ce16 | |
parent | 6d0dc451e45effc8cbb6953a766b111036d893ce (diff) |
Add support for protocol relative YouTube URLs
-rw-r--r-- | reader/sanitizer/sanitizer.go | 3 | ||||
-rw-r--r-- | reader/sanitizer/sanitizer_test.go | 10 |
2 files changed, 12 insertions, 1 deletions
diff --git a/reader/sanitizer/sanitizer.go b/reader/sanitizer/sanitizer.go index f13681b..b37a9af 100644 --- a/reader/sanitizer/sanitizer.go +++ b/reader/sanitizer/sanitizer.go @@ -17,7 +17,7 @@ import ( ) var ( - youtubeEmbedRegex = regexp.MustCompile(`http[s]?://www\.youtube\.com/embed/(.*)`) + youtubeEmbedRegex = regexp.MustCompile(`//www\.youtube\.com/embed/(.*)`) ) // Sanitize returns safe HTML. @@ -291,6 +291,7 @@ func isBlacklistedResource(src string) bool { func isValidIframeSource(src string) bool { whitelist := []string{ + "//www.youtube.com", "http://www.youtube.com", "https://www.youtube.com", "https://www.youtube-nocookie.com", diff --git a/reader/sanitizer/sanitizer_test.go b/reader/sanitizer/sanitizer_test.go index fab493a..8db0bda 100644 --- a/reader/sanitizer/sanitizer_test.go +++ b/reader/sanitizer/sanitizer_test.go @@ -203,6 +203,16 @@ func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) { } } +func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) { + input := `<iframe src="//www.youtube.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen"></iframe>` + expected := `<iframe src="https://www.youtube-nocookie.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen" sandbox="allow-scripts allow-same-origin"></iframe>` + output := Sanitize("http://example.org/", input) + + if expected != output { + t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) + } +} + func TestReplaceIframeURL(t *testing.T) { input := `<iframe src="https://player.vimeo.com/video/123456?title=0&byline=0"></iframe>` expected := `<iframe src="https://player.vimeo.com/video/123456?title=0&byline=0" sandbox="allow-scripts allow-same-origin"></iframe>` |