customembed: drop <object> and <embed>

2021-03-21 21:20:49 -07:00 · 2021-03-21 21:20:49 -07:00 · 182e6f0816
parent 9e5a63d880
commit 182e6f0816
2 changed files with 34 additions and 73 deletions
--- a/src/customembed.js
+++ b/src/customembed.js
@ -20,77 +20,12 @@ function filter(input) {
 }

 function getMeta($) {
-    var tag = $("embed");
-    if (tag.length !== 0) {
-        return filterEmbed(tag[0]);
-    }
-    tag = $("object");
-    if (tag.length !== 0) {
-        return filterObject(tag[0]);
-    }
-    tag = $("iframe");
+    let tag = $("iframe");
    if (tag.length !== 0) {
        return filterIframe(tag[0]);
    }

-    throw new Error("Invalid embed.  Input must be an <iframe>, <object>, or " +
-                    "<embed> tag.");
-}
-
-const ALLOWED_PARAMS = /^(flashvars|bgcolor|movie)$/i;
-function filterEmbed(tag) {
-    if (tag.attribs.type && tag.attribs.type !== "application/x-shockwave-flash") {
-        throw new Error("Invalid embed. Only type 'application/x-shockwave-flash' " +
-                        "is allowed for <embed> tags.");
-    }
-
-    if (!/^https:/.test(tag.attribs.src)) {
-        throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
-    }
-
-    var meta = {
-        embed: {
-            tag: "object",
-            src: tag.attribs.src,
-            params: {}
-        }
-    };
-
-    for (var key in tag.attribs) {
-        if (ALLOWED_PARAMS.test(key)) {
-            meta.embed.params[key] = tag.attribs[key];
-        }
-    }
-
-    return meta;
-}
-
-function filterObject(tag) {
-    if (tag.attribs.type && tag.attribs.type !== "application/x-shockwave-flash") {
-        throw new Error("Invalid embed. Only type 'application/x-shockwave-flash' " +
-                        "is allowed for <object> tags.");
-    }
-
-    if (!/^https:/.test(tag.attribs.data)) {
-        throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
-    }
-
-    var meta = {
-        embed: {
-            tag: "object",
-            src: tag.attribs.data,
-            params: {}
-        }
-    };
-
-    tag.children.forEach(function (child) {
-        if (child.name !== "param") return;
-        if (!ALLOWED_PARAMS.test(child.attribs.name)) return;
-
-        meta.embed.params[child.attribs.name] = child.attribs.value;
-    });
-
-    return meta;
+    throw new Error("Invalid embed.  Input must be an <iframe> tag");
 }

 function filterIframe(tag) {
--- a/test/customembed.js
+++ b/test/customembed.js
@ -1,21 +1,47 @@
 const customembed = require('../lib/customembed');
 const assert = require('assert');
+const crypto = require("crypto");
+
+function sha256(input) {
+    let hash = crypto.createHash('sha256');
+    hash.update(input);
+    return hash.digest('base64');
+}

 describe('customembed', () => {
    describe('#filter', () => {
-        it('rejects plain-HTTP <embed> inputs', () => {
-            const input = '<embed src="http://foo.bar/baz.swf" type="application/x-shockwave-flash"></embed>';
-            assert.throws(() => { customembed.filter(input) }, /must be HTTPS/);
+        it('rejects <embed> inputs', () => {
+            const input = '<embed src="https://example.com/baz.swf" type="application/x-shockwave-flash"></embed>';
+            assert.throws(() => { customembed.filter(input) }, /must be an <iframe>/);
        });

-        it('rejects plain-HTTP <object> inputs', () => {
-            const input = '<object data="http://foo.bar/baz.swf" type="application/x-shockwave-flash"></object>';
-            assert.throws(() => { customembed.filter(input) }, /must be HTTPS/);
+        it('rejects <object> inputs', () => {
+            const input = '<object data="https://example.com/baz.swf" type="application/x-shockwave-flash"></object>';
+            assert.throws(() => { customembed.filter(input) }, /must be an <iframe>/);
        });

        it('rejects plain-HTTP <iframe> inputs', () => {
            const input = '<iframe src="http://foo.bar/baz.swf"></iframe>';
            assert.throws(() => { customembed.filter(input) }, /must be HTTPS/);
        });
+
+        it('accepts a valid iframe', () => {
+            let input = '<iframe src="https://example.com/video.html"</iframe>';
+            const { id, title, seconds, duration, type, meta } = customembed.filter(input).pack();
+            const { embed } = meta;
+
+            assert.strictEqual(id, `cu:${sha256(input)}`);
+            assert.strictEqual(title, 'Custom Media');
+            assert.strictEqual(seconds, 0);
+            assert.strictEqual(duration, '--:--');
+            assert.strictEqual(type, 'cu');
+            assert.deepStrictEqual(
+                embed,
+                {
+                    tag: 'iframe',
+                    src: 'https://example.com/video.html'
+                }
+            );
+        });
    });
 });