REFACTOR: Sanitize all html attributes in new OpenGraph class (#398)

REFACTOR: Sanitize all html attributes in new OpenGraph class (#398)

diff --git a/Gemfile.lock b/Gemfile.lock
index 4e3e87f..f5c6080 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    onebox (1.8.78)
+    onebox (1.8.79)
       htmlentities (~> 4.3)
       moneta (~> 1.0)
       multi_json (~> 1.11)
diff --git a/lib/onebox/engine/amazon_onebox.rb b/lib/onebox/engine/amazon_onebox.rb
index e8c10a1..00cc5d1 100644
--- a/lib/onebox/engine/amazon_onebox.rb
+++ b/lib/onebox/engine/amazon_onebox.rb
@@ -1,4 +1,5 @@
 require 'json'
+require "onebox/open_graph"
 
 module Onebox
   module Engine
@@ -76,7 +77,7 @@ module Onebox
       end
 
       def data
-        og = ::Onebox::Helpers.extract_opengraph(raw)
+        og = ::Onebox::OpenGraph.new(raw)
 
         if raw.at_css('#dp.book_mobile') #printed books
           title = raw.at("h1#title")&.inner_text
@@ -100,7 +101,7 @@ module Onebox
             link: link,
             title: title,
             by_info: authors,
-            image: og[:image] || image,
+            image: og.image || image,
             description: raw.at("#productDescription")&.inner_text,
             rating: "#{rating}#{', ' if rating && (!isbn&.empty? || !price&.empty?)}",
             price: price,
@@ -131,7 +132,7 @@ module Onebox
             link: link,
             title: title,
             by_info: authors,
-            image: og[:image] || image,
+            image: og.image || image,
             description: raw.at("#productDescription")&.inner_text,
             rating: "#{rating}#{', ' if rating && (!asin&.empty? || !price&.empty?)}",
             price: price,
@@ -142,11 +143,11 @@ module Onebox
           }
 
         else
-          title = og[:title] || CGI.unescapeHTML(raw.css("title").inner_text)
+          title = og.title || CGI.unescapeHTML(raw.css("title").inner_text)
           result = {
             link: link,
             title: title,
-            image: og[:image] || image,
+            image: og.image || image,
             price: price
           }
 
@@ -154,7 +155,7 @@ module Onebox
           result[:by_info] = Onebox::Helpers.clean(result[:by_info].inner_html) if result[:by_info]
 
           summary = raw.at("#productDescription")
-          result[:description] = og[:description] || (summary && summary.inner_text)
+          result[:description] = og.description || (summary && summary.inner_text)
         end
 
         result[:price] = nil if result[:price].start_with?("$0") || result[:price] == 0
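Review bot: On the changed `result[:description]` line the two sides of `||` are no longer treated alike. `og.description` comes through the new `OpenGraph` accessor, while the fallback is the page's `inner_text` as-is. The same applies to `title = og.title || CGI.unescapeHTML(raw.css("title").inner_text)` in the previous hunk. If the accessor is meant to be the single sanitization point (its code is not in this diff), the fallbacks should get the same treatment, or a comment should say the template escapes them. As a style point, the fallback can use safe navigation like the rest of the file: `og.description || summary&.inner_text`. The `data` method starts and ends outside this hunk.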
diff --git a/lib/onebox/engine/audioboom_onebox.rb b/lib/onebox/engine/audioboom_onebox.rb
index 4093d59..a692d68 100644
--- a/lib/onebox/engine/audioboom_onebox.rb
+++ b/lib/onebox/engine/audioboom_onebox.rb
@@ -9,16 +9,14 @@ module Onebox
 
       def placeholder_html
         oembed = get_oembed
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(oembed[:thumbnail_url])
 
         <<-HTML
-          <img src="#{escaped_src}" style="max-width: #{oembed[:width]}px; max-height: #{oembed[:height]}px;" #{Helpers.title_attr(oembed)}>
+          <img src="#{oembed.thumbnail_url}" style="max-width: #{oembed.width}px; max-height: #{oembed.height}px;" #{oembed.title_attr}>
         HTML
       end
 
       def to_html
-        oembed = get_oembed
-        oembed[:html]
+        get_oembed.html
       end
 
     end
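Review bot: In `placeholder_html`, `oembed.thumbnail_url`, `oembed.width` and `oembed.height` are now interpolated directly into a double-quoted `src` and a `style` value. The explicit `normalize_url_for_output` call is gone, so the markup is only safe if the object returned by `get_oembed` neutralizes quotes in URLs and coerces the dimension fields to integers. That class is not visible in this diff. The same reliance appears in the bandcamp, coub and five_hundred_px hunks, which use single-quoted attributes, so the accessor has to handle `'` as well as `"`. I would add a comment here such as `# accessors return attribute-safe values: URLs normalized, dimensions as Integer`, and a spec that feeds a thumbnail URL containing a quote character and asserts the rendered attribute stays intact.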
diff --git a/lib/onebox/engine/bandcamp_onebox.rb b/lib/onebox/engine/bandcamp_onebox.rb
index 7dc494d..737cd92 100644
--- a/lib/onebox/engine/bandcamp_onebox.rb
+++ b/lib/onebox/engine/bandcamp_onebox.rb
@@ -9,19 +9,17 @@ module Onebox
 
       def placeholder_html
         og = get_opengraph
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(og[:image])
-        "<img src='#{escaped_src}' height='#{og[:video_height]}' #{Helpers.title_attr(og)}>"
+        "<img src='#{og.image}' height='#{og.video_height}' #{og.title_attr}>"
       end
 
       def to_html
         og = get_opengraph
-        src = og[:video_secure_url] || og[:video]
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(src)
+        escaped_src = og.video_secure_url || og.video
 
         <<-HTML
           <iframe src="#{escaped_src}"
-                  width="#{og[:video_width]}"
-                  height="#{og[:video_height]}"
+                  width="#{og.video_width}"
+                  height="#{og.video_height}"
                   scrolling="no"
                   frameborder="0"
                   allowfullscreen>
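Review bot: In `to_html` the local is still named `escaped_src`, but nothing in this method escapes it any more; it is simply whatever `og.video_secure_url || og.video` returns. Either rename it to `src`, or keep the name and add `# OpenGraph URL accessors return output-normalized URLs` so a reader can tell where the escaping is supposed to happen. `to_html` continues past the end of this hunk.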
diff --git a/lib/onebox/engine/cloudapp_onebox.rb b/lib/onebox/engine/cloudapp_onebox.rb
index b8f01fa..3f14e41 100644
--- a/lib/onebox/engine/cloudapp_onebox.rb
+++ b/lib/onebox/engine/cloudapp_onebox.rb
@@ -10,9 +10,9 @@ module Onebox
       def to_html
         og = get_opengraph
 
-        if !Onebox::Helpers::blank?(og[:image])
+        if !og.image.nil?
           return image_html(og)
-        elsif og[:title].to_s[/\.(mp4|ogv|webm)$/]
+        elsif og.title.to_s[/\.(mp4|ogv|webm)$/]
           return video_html(og)
         else
           return link_html(og)
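Review bot: `!og.image.nil?` is a narrower test than the `Onebox::Helpers::blank?(og[:image])` it replaces. An empty or whitespace-only `og:image` now selects `image_html` unless the `OpenGraph` accessor itself maps blank values to nil, which this diff does not show. If that is guaranteed, a comment such as `# OpenGraph accessors return nil for blank values` would record it; otherwise keep the blank check. Separately, the extension test on `og.title` ends in `$`, which in Ruby also matches before a newline, so `/\.(mp4|ogv|webm)\z/` is the stricter anchor for a value taken from a remote page. `to_html` continues past the end of the hunk.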
@@ -22,33 +22,27 @@ module Onebox
       private
 
       def link_html(og)
-        escaped_url = ::Onebox::Helpers.normalize_url_for_output(og[:url])
-
         <<-HTML
-            <a href='#{escaped_url}' target='_blank'>
-              #{og[:title]}
+            <a href='#{og.url}' target='_blank'>
+              #{og.title}
             </a>
           HTML
       end
 
       def video_html(og)
-        src = og[:url]
-        title = og[:title]
-        direct_src = ::Onebox::Helpers.normalize_url_for_output("#{src}/#{title}")
+        direct_src = ::Onebox::Helpers.normalize_url_for_output("#{og.get(:url)}/#{og.title}")
 
         <<-HTML
-            <video width='480' height='360' #{Helpers.title_attr(og)} controls loop>
+            <video width='480' height='360' #{og.title_attr} controls loop>
               <source src='#{direct_src}' type='video/mp4'>
             </video>
           HTML
       end
 
       def image_html(og)
-        escaped_url = ::Onebox::Helpers.normalize_url_for_output(og[:url])
-
         <<-HTML
-            <a href='#{escaped_url}' target='_blank' class='onebox'>
-              <img src='#{og[:image]}' #{Helpers.title_attr(og)} alt='CloudApp' width='480'>
+            <a href='#{og.url}' target='_blank' class='onebox'>
+              <img src='#{og.image}' #{og.title_attr} alt='CloudApp' width='480'>
             </a>
           HTML
       end
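Review bot: In `video_html` the source URL is built from `og.get(:url)` and `og.title`, so one part uses the lower-level getter and the other the accessor before `normalize_url_for_output` runs. If the accessor already escapes or normalizes its value (not visible here), the title segment is processed twice and the resulting URL can differ from the real file path. Reading both parts the same way, e.g. `"#{og.get(:url)}/#{og.get(:title)}"`, would leave a single escaping step. `link_html` also places `#{og.title}` in element content rather than in an attribute, so the accessor's output should be confirmed safe in text context. The rewritten `<a href='#{og.url}' target='_blank'>` lines could also carry `rel='noopener noreferrer'`.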
diff --git a/lib/onebox/engine/coub_onebox.rb b/lib/onebox/engine/coub_onebox.rb
index d6df3d7..6158685 100644
--- a/lib/onebox/engine/coub_onebox.rb
+++ b/lib/onebox/engine/coub_onebox.rb
@@ -9,12 +9,11 @@ module Onebox
 
       def placeholder_html
         oembed = get_oembed
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(oembed[:thumbnail_url])
-        "<img src='#{escaped_src}' height='#{oembed[:thumbnail_height]}' width='#{oembed[:thumbnail_width]}' #{Helpers.title_attr(oembed)}>"
+        "<img src='#{oembed.thumbnail_url}' height='#{oembed.thumbnail_height}' width='#{oembed.thumbnail_width}' #{oembed.title_attr}>"
       end
 
       def to_html
-        get_oembed[:html]
+        get_oembed.html
       end
 
     end
diff --git a/lib/onebox/engine/five_hundred_px_onebox.rb b/lib/onebox/engine/five_hundred_px_onebox.rb
index 838fa86..0aa44e1 100644
--- a/lib/onebox/engine/five_hundred_px_onebox.rb
+++ b/lib/onebox/engine/five_hundred_px_onebox.rb
@@ -9,8 +9,7 @@ module Onebox
 
       def to_html
         og = get_opengraph
-        escaped_src = ::Onebox::Helpers.normalize_url_for_output(og[:image])
-        "<img src='#{escaped_src}' width='#{og[:image_width]}' height='#{og[:image_height]}' class='onebox' #{Helpers.title_attr(og)}>"
+        "<img src='#{og.image}' width='#{og.image_width}' height='#{og.image_height}' class='onebox' #{og.title_attr}>"
       end
 
     end
diff --git a/lib/onebox/engine/giphy_onebox.rb b/lib/onebox/engine/giphy_onebox.rb
index 6780fe1..668f684 100644
--- a/lib/onebox/engine/giphy_onebox.rb
+++ b/lib/onebox/engine/giphy_onebox.rb

[... diff too long, it was truncated ...]

GitHub sha: f2b361fc


Bump onebox version