forks/peertube
1
0
Fork 0
Code Releases Activity

Escape opengraph/oembed tags

Browse source
This commit is contained in:
Chocobozzz 2017-10-17 16:53:10 +02:00
parent c6e0bfbf58
commit 49347a0a8b
No known key found for this signature in database
GPG key ID: 583A612D890159BE
2 changed files with 28 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
server/controllers/client.ts
View file

@ -10,7 +10,7 @@ import {
STATIC_MAX_AGE, STATIC_MAX_AGE,
OPENGRAPH_AND_OEMBED_COMMENT OPENGRAPH_AND_OEMBED_COMMENT
} from '../initializers' } from '../initializers'
import { root, readFileBufferPromise } from '../helpers' import { root, readFileBufferPromise, escapeHTML } from '../helpers'
import { VideoInstance } from '../models' import { VideoInstance } from '../models'
const clientsRouter = express.Router() const clientsRouter = express.Router()
@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName()
const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid
const videoName = escapeHTML(video.name)
const videoDescription = escapeHTML(video.description)
const openGraphMetaTags = { const openGraphMetaTags = {
'og:type': 'video', 'og:type': 'video',
'og:title': video.name, 'og:title': videoName,
'og:image': previewUrl, 'og:image': previewUrl,
'og:url': videoUrl, 'og:url': videoUrl,
'og:description': video.description, 'og:description': videoDescription,
'name': video.name, 'name': videoName,
'description': video.description, 'description': videoDescription,
'image': previewUrl, 'image': previewUrl,
'twitter:card': 'summary_large_image', 'twitter:card': 'summary_large_image',
'twitter:site': '@Chocobozzz', 'twitter:site': '@Chocobozzz',
'twitter:title': video.name, 'twitter:title': videoName,
'twitter:description': video.description, 'twitter:description': videoDescription,
'twitter:image': previewUrl 'twitter:image': previewUrl
} }
@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
{ {
type: 'application/json+oembed', type: 'application/json+oembed',
href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl),
title: video.name title: videoName
} }
] ]

17
server/helpers/core-utils.ts
View file

@ -38,6 +38,22 @@ function root () {
return join.apply(null, paths) return join.apply(null, paths)
} }
// Thanks: https://stackoverflow.com/a/12034334
function escapeHTML (stringParam) {
const entityMap = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
'/': '&#x2F;',
'`': '&#x60;',
'=': '&#x3D;'
}
return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
}
function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> { function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
return function promisified (): Promise<A> { return function promisified (): Promise<A> {
return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => { return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
export { export {
isTestInstance, isTestInstance,
root, root,
escapeHTML,
promisify0, promisify0,
promisify1, promisify1,