diff --git a/app/helpers/markdownify_helper.rb b/app/helpers/markdownify_helper.rb
index 4b87e6210..eba13fc7d 100644
--- a/app/helpers/markdownify_helper.rb
+++ b/app/helpers/markdownify_helper.rb
@@ -19,7 +19,6 @@ module MarkdownifyHelper
 render_options[:filter_html] = true
 render_options[:hard_wrap] ||= true
- # This ugly little hack basically means
 # "Give me the rawest contents of target available"
 if target.respond_to?(:raw_message)
@@ -34,8 +33,10 @@ module MarkdownifyHelper
 #renderer = Redcarpet::Render::HTML.new(render_options)
 if render_options[:oembed]
+ puts "oembed"
 renderer = Diaspora::Markdownify::HTMLwithOEmbed.new(render_options)
 else
+ puts "not oembed"
 renderer = Diaspora::Markdownify::HTML.new(render_options)
 end
 markdown = Redcarpet::Markdown.new(renderer, markdown_options)
diff --git a/lib/diaspora/markdownify.rb b/lib/diaspora/markdownify.rb
index bdd24da54..5958b195b 100644
--- a/lib/diaspora/markdownify.rb
+++ b/lib/diaspora/markdownify.rb
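Review bot: The two added `puts` calls around the renderer selection in app/helpers/markdownify_helper.rb (`puts "oembed"`, `puts "not oembed"`) are debugging output left in a view helper, so they would write to the process's stdout each time this code path runs; drop them or use `Rails.logger.debug` instead. The same applies to `puts "mega derp"` in the `else` branch of the `case` added in lib/diaspora/markdownify.rb. The enclosing method starts and ends outside this hunk.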
@@ -7,8 +7,74 @@ module Diaspora
 include ActionView::Helpers::TagHelper
 def autolink(link, type)
- auto_link(link, :link => :urls)
+ auto_link(link, :link => :urls, :html => { :target => "_blank" })
 end
 end
+
+ class HTMLwithOEmbed < Redcarpet::Render::HTML
+ include ActionView::Helpers::UrlHelper
+ include ActionView::Helpers::TextHelper
+ include ActionView::Helpers::TagHelper
+ include ActionView::Helpers::AssetTagHelper
+ include ActionView::Helpers::RawOutputHelper
+
+ def autolink(link, type)
+ #auto_link(link, :link => :urls, :html => { :target => "_blank" })
+
+ title = link
+ url = auto_link(link, :link => :urls).scan(/href=["']?((?:.(?!["']?\s+(?:\S+)=|[>"']))+.)["']?/).first.first
+ url = CGI::unescapeHTML(url)
+
+ # SECURITY NOTICE! CROSS-SITE SCRIPTING!
+ # these endpoints may inject html code into our page
+ secure_endpoints = [::OEmbed::Providers::Youtube.endpoint,
+ ::OEmbed::Providers::Viddler.endpoint,
+ ::OEmbed::Providers::Qik.endpoint,
+ ::OEmbed::Providers::Revision3.endpoint,
+ ::OEmbed::Providers::Hulu.endpoint,
+ ::OEmbed::Providers::Vimeo.endpoint,
+ 'http://soundcloud.com/oembed',
+ ]
+
+ # note that 'trusted_endpoint_url' is the only information
+ # in OEmbed that we can trust. anything else may be spoofed!
+ cache = OEmbedCache.find_by_url(url)
+ if not cache.nil? and cache.data.has_key?('type')
+ case cache.data['type']
+ when 'video', 'rich'
+ if secure_endpoints.include?(cache.data['trusted_endpoint_url']) and cache.data.has_key?('html')
+ rep = raw(cache.data['html'])
+ elsif cache.data.has_key?('thumbnail_url')
+ img_options = {}
+ img_options.merge!({:height => cache.data['thumbnail_height'],
+ :width => cache.data['thumbnail_width']}) if cache.data.has_key?('thumbnail_width') and cache.data.has_key?('thumbnail_height')
+ img_options[:alt] = cache.data['title'] if cache.data.has_key?('title')
+ rep = link_to(image_tag(cache.data['thumbnail_url'], img_options),
+ url, :target => '_blank')
+ end
+
+ when 'photo'
+ if cache.data.has_key?('url')
+ img_options = {}
+ img_options.merge!({:height => cache.data['height'],
+ :width => cache.data['width']}) if cache.data.has_key?('width') and cache.data.has_key?('height')
+ img_options[:alt] = cache.data['title'] if cache.data.has_key?('title')
+ rep = link_to(image_tag(cache.data['url'], img_options),
+ url, :target => '_blank')
+ end
+ else
+ puts "mega derp"
+ end
+
+ title = cache.data['title'] \
+ if cache.data.has_key?('title') and \
+ not cache.data['title'].blank?
+ end
+
+ rep ||= link_to(title, url, :target => '_blank') if rep.blank?
+ return rep
+ end
+ end
+>>>>>>> wip
 end
 end
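Review bot: `raw(cache.data['html'])` in `HTMLwithOEmbed#autolink` writes provider markup into the page unescaped, gated only by `secure_endpoints.include?(cache.data['trusted_endpoint_url'])`, and one allow-listed entry is the plain-HTTP string `'http://soundcloud.com/oembed'`. That gate holds only if the code that fills `OEmbedCache` (not part of this diff) sets `trusted_endpoint_url` from the endpoint it actually queried and never from the response, so I would add the comment `# trusted_endpoint_url must be set by our fetcher from the endpoint it queried, never copied from the oEmbed response` above the list and switch the SoundCloud entry to HTTPS if the provider serves it. Two more things need fixing before merge: the added `>>>>>>> wip` line is a leftover conflict marker that will stop the file from parsing, and `.scan(...).first.first` raises NoMethodError when `auto_link` produces no `href`. The new `link_to(..., :target => '_blank')` calls also open a new tab without `:rel => 'noopener noreferrer'`, which leaves `window.opener` reachable from the linked page.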