Escape opengraph/oembed tags
This commit is contained in:
parent
c6e0bfbf58
commit
49347a0a8b
2 changed files with 28 additions and 8 deletions
|
@ -10,7 +10,7 @@ import {
|
|||
STATIC_MAX_AGE,
|
||||
OPENGRAPH_AND_OEMBED_COMMENT
|
||||
} from '../initializers'
|
||||
import { root, readFileBufferPromise } from '../helpers'
|
||||
import { root, readFileBufferPromise, escapeHTML } from '../helpers'
|
||||
import { VideoInstance } from '../models'
|
||||
|
||||
const clientsRouter = express.Router()
|
||||
|
@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
|
|||
const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName()
|
||||
const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid
|
||||
|
||||
const videoName = escapeHTML(video.name)
|
||||
const videoDescription = escapeHTML(video.description)
|
||||
|
||||
const openGraphMetaTags = {
|
||||
'og:type': 'video',
|
||||
'og:title': video.name,
|
||||
'og:title': videoName,
|
||||
'og:image': previewUrl,
|
||||
'og:url': videoUrl,
|
||||
'og:description': video.description,
|
||||
'og:description': videoDescription,
|
||||
|
||||
'name': video.name,
|
||||
'description': video.description,
|
||||
'name': videoName,
|
||||
'description': videoDescription,
|
||||
'image': previewUrl,
|
||||
|
||||
'twitter:card': 'summary_large_image',
|
||||
'twitter:site': '@Chocobozzz',
|
||||
'twitter:title': video.name,
|
||||
'twitter:description': video.description,
|
||||
'twitter:title': videoName,
|
||||
'twitter:description': videoDescription,
|
||||
'twitter:image': previewUrl
|
||||
}
|
||||
|
||||
|
@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
|
|||
{
|
||||
type: 'application/json+oembed',
|
||||
href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl),
|
||||
title: video.name
|
||||
title: videoName
|
||||
}
|
||||
]
|
||||
|
||||
|
|
|
@ -38,6 +38,22 @@ function root () {
|
|||
return join.apply(null, paths)
|
||||
}
|
||||
|
||||
// Thanks: https://stackoverflow.com/a/12034334
|
||||
function escapeHTML (stringParam) {
|
||||
const entityMap = {
|
||||
'&': '&',
|
||||
'<': '<',
|
||||
'>': '>',
|
||||
'"': '"',
|
||||
"'": ''',
|
||||
'/': '/',
|
||||
'`': '`',
|
||||
'=': '='
|
||||
}
|
||||
|
||||
return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
|
||||
}
|
||||
|
||||
function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
|
||||
return function promisified (): Promise<A> {
|
||||
return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
|
||||
|
@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
|
|||
export {
|
||||
isTestInstance,
|
||||
root,
|
||||
escapeHTML,
|
||||
|
||||
promisify0,
|
||||
promisify1,
|
||||
|
|
Loading…
Reference in a new issue