You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/02/27 15:48:48 UTC
[1/2] git commit: [#7207] add comment,
support potential future embed source that does not have iframes
Repository: incubator-allura
Updated Branches:
refs/heads/master 6143e75da -> 3422d6803
[#7207] add comment, support potential future embed source that does not have iframes
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/3422d680
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/3422d680
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/3422d680
Branch: refs/heads/master
Commit: 3422d6803c556bf883073fd5b216dde631f68eeb
Parents: 9bdfdd1
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Thu Feb 27 14:47:47 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Thu Feb 27 14:48:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/macro.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3422d680/Allura/allura/lib/macro.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/macro.py b/Allura/allura/lib/macro.py
index 2116c23..29181fb 100644
--- a/Allura/allura/lib/macro.py
+++ b/Allura/allura/lib/macro.py
@@ -401,6 +401,7 @@ def embed(url=None):
html = None
if html:
+ # convert iframe src from http to https, to avoid mixed security blocking when used on an https page
html = BeautifulSoup(html)
embed_url = html.find('iframe').get('src')
if embed_url:
@@ -410,6 +411,6 @@ def embed(url=None):
else:
embed_url = embed_url.geturl()
html.find('iframe')['src'] = embed_url
- return jinja2.Markup('<div class="grid-20">%s</div>' % html)
+ return jinja2.Markup('<div class="grid-20">%s</div>' % html)
return '[[embed url=%s]]' % url
[2/2] git commit: [#7202] ticket:548 Use https when embedding youtube
videos
Posted by br...@apache.org.
[#7202] ticket:548 Use https when embedding youtube videos
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/9bdfdd1d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/9bdfdd1d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/9bdfdd1d
Branch: refs/heads/master
Commit: 9bdfdd1db1dd19e896e90011af9dff56a8be0241
Parents: 6143e75
Author: Igor Bondarenko <je...@gmail.com>
Authored: Tue Feb 25 10:34:32 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Thu Feb 27 14:48:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/macro.py | 20 ++++++++++++++++++--
Allura/allura/lib/utils.py | 2 +-
Allura/allura/tests/test_globals.py | 2 +-
Allura/allura/tests/test_utils.py | 4 ++--
4 files changed, 22 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/lib/macro.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/macro.py b/Allura/allura/lib/macro.py
index efb1433..2116c23 100644
--- a/Allura/allura/lib/macro.py
+++ b/Allura/allura/lib/macro.py
@@ -23,11 +23,13 @@ import traceback
import oembed
import jinja2
from operator import attrgetter
+from urlparse import urlparse, urlunparse
import pymongo
from pylons import tmpl_context as c, app_globals as g
from pylons import request
from paste.deploy.converters import asint
+from BeautifulSoup import BeautifulSoup
from . import helpers as h
from . import security
@@ -394,6 +396,20 @@ def embed(url=None):
'http://www.youtube.com/oembed', ['http://*.youtube.com/*', 'https://*.youtube.com/*'])
consumer.addEndpoint(endpoint)
try:
- return jinja2.Markup('<div class="grid-20">%s</div>' % consumer.embed(url)['html'])
+ html = consumer.embed(url)['html']
except oembed.OEmbedNoEndpoint:
- return '[[embed url=%s]]' % url
+ html = None
+
+ if html:
+ html = BeautifulSoup(html)
+ embed_url = html.find('iframe').get('src')
+ if embed_url:
+ embed_url = urlparse(embed_url)
+ if embed_url.scheme == 'http':
+ embed_url = urlunparse(['https'] + list(embed_url[1:]))
+ else:
+ embed_url = embed_url.geturl()
+ html.find('iframe')['src'] = embed_url
+ return jinja2.Markup('<div class="grid-20">%s</div>' % html)
+
+ return '[[embed url=%s]]' % url
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 95622c9..ae11ef4 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -543,7 +543,7 @@ class ForgeHTMLSanitizer(_HTMLSanitizer):
def unknown_starttag(self, tag, attrs):
if 'iframe' in self.acceptable_elements:
self.acceptable_elements.remove('iframe')
- if (tag == 'iframe') and (dict(attrs).get('src', '').startswith('http://www.youtube.com/embed/') or
+ if (tag == 'iframe') and (dict(attrs).get('src', '').startswith('https://www.youtube.com/embed/') or
dict(attrs).get('src', '').startswith('https://www.gittip.com/')):
self.acceptable_elements.append('iframe')
_HTMLSanitizer.unknown_starttag(self, tag, attrs)
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 704514b..d8f6b52 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -285,7 +285,7 @@ def test_macro_include_extra_br():
def test_macro_embed():
r = g.markdown_wiki.convert(
'[[embed url=http://www.youtube.com/watch?v=kOLpSPEA72U]]')
- assert '''<div class="grid-20"><iframe height="270" src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></div>''' in r
+ assert '''<div class="grid-20"><iframe height="270" src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></div>''' in r
r = g.markdown_wiki.convert('[[embed url=http://vimeo.com/46163090]]')
assert_equal(
r, '<div class="markdown_content"><p>[[embed url=http://vimeo.com/46163090]]</p></div>')
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/tests/test_utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 92f1e28..e791503 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -247,6 +247,6 @@ class TestHTMLSanitizer(unittest.TestCase):
def test_html_sanitizer_youtube_iframe(self):
p = utils.ForgeHTMLSanitizer('utf-8', '')
p.feed(
- '<div><iframe src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
+ '<div><iframe src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
assert_equal(
- p.output(), '<div><iframe src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
+ p.output(), '<div><iframe src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')