Allow enabling/disabling embeds with http:// URLs

cmrd-senya · cmrd-senya · commit c010aed50b12 · 2018-02-02T19:06:15.000+02:00
Default is disable
diff --git a/Changelog.md b/Changelog.md
@@ -2,6 +2,7 @@
 
 - Drop explicit support for Handlebars
 - Instead support overriding of a built-in render function
+- Allow enabling/disabling embeds with `http://` URLs. Default is disable.
 
 ## 0.5.0
 
diff --git a/README.md b/README.md
@@ -237,6 +237,12 @@ Boolean. Embed media in-place if true, or at some specified place if false.
 
 Default: `true`.
 
+#### isAllowedHttp
+
+Boolean. When `true` embed media with `http://` schema in URLs. When `false` ignore and don't count as embeddable media.
+
+Default: `false`.
+
 #### isAllowedMimeType
 
 Function. If specified, allows to decided basing on the MIME type, wheter to embed element or not. If not, all audio/video content is embedded. In a web browser you can use following code to embed only supported media type:
diff --git a/lib/index.js b/lib/index.js
@@ -99,6 +99,17 @@ function isAllowedMimeType(parsed, options) {
     (!options.isAllowedMimeType || options.isAllowedMimeType([parsed.mimeType, parsed.mediaType]));
 }
 
+function isAllowedSchema(parsed, options) {
+  if (!options.isAllowedHttp && parsed.url.match('^http://')) {
+    return false;
+  }
+  return true;
+}
+
+function isAllowedToEmbed(parsed, options) {
+  return isAllowedMimeType(parsed, options) && isAllowedSchema(parsed, options);
+}
+
 function renderMediaEmbed(parsed, mediaAttributes) {
   var attributes = mediaAttributes[parsed.mediaType];
 
@@ -112,7 +123,7 @@ function renderMediaEmbed(parsed, mediaAttributes) {
 function html5EmbedRenderer(tokens, idx, options, env, renderer, defaultRender) {
   var parsed = parseToken(tokens, idx, env);
 
-  if (!isAllowedMimeType(parsed, options.html5embed)) {
+  if (!isAllowedToEmbed(parsed, options.html5embed)) {
     return defaultRender(tokens, idx, options, env, renderer);
   }
 
@@ -219,7 +230,7 @@ module.exports = function html5_embed_plugin(md, options) {
       forEachLinkOpen(gstate, function(tokens, idx) {
         var parsed = parseToken(tokens, idx, env);
 
-        if (!isAllowedMimeType(parsed, options)) {
+        if (!isAllowedToEmbed(parsed, options)) {
           return;
         }
 
diff --git a/test/fixtures/link-syntax-http-disabled.txt b/test/fixtures/link-syntax-http-disabled.txt
@@ -0,0 +1,20 @@
+Video with link syntax:
+.
+[test link](http://example.com/file.webm)
+.
+<p><a href="http://example.com/file.webm">test link</a></p>
+.
+
+Video with link syntax (no text label):
+.
+[](http://example.com/file.webm)
+.
+<p><a href="http://example.com/file.webm"></a></p>
+.
+
+Check usual link is not broken:
+.
+[test link](http://example.com/file.php)
+.
+<p><a href="http://example.com/file.php">test link</a></p>
+.
diff --git a/test/fixtures/link-syntax-http-enabled.txt b/test/fixtures/link-syntax-http-enabled.txt
@@ -0,0 +1,27 @@
+Video with link syntax:
+.
+[test link](http://example.com/file.webm)
+.
+<p><video controls preload="metadata">
+<source type="video/webm" src="http://example.com/file.webm"></source>
+Your browser does not support playing HTML5 video. You can <a href="http://example.com/file.webm" download>download a copy of the video file</a> instead.
+Here is a description of the content: test link
+</video></p>
+.
+
+Video with link syntax (no text label):
+.
+[](http://example.com/file.webm)
+.
+<p><video controls preload="metadata">
+<source type="video/webm" src="http://example.com/file.webm"></source>
+Your browser does not support playing HTML5 video. You can <a href="http://example.com/file.webm" download>download a copy of the video file</a> instead.
+</video></p>
+.
+
+Check usual link is not broken:
+.
+[test link](http://example.com/file.php)
+.
+<p><a href="http://example.com/file.php">test link</a></p>
+.
diff --git a/test/test.js b/test/test.js
@@ -178,3 +178,28 @@ describe('markdown-it-html5-embed with image syntax + custom translation fn', fu
 
   generate(path.join(__dirname, 'fixtures/image-syntax-with-translation.txt'), md);
 });
+
+describe('markdown-it-html5-embed with link syntax http link when http disabled', function() {
+  clearBindings();
+
+  var options = {
+    html5embed: {
+      useLinkSyntax: true
+    }
+  };
+
+  var md = require('markdown-it')().use(require('../lib'), options);
+  generate(path.join(__dirname, 'fixtures/link-syntax-http-disabled.txt'), md);
+});
+
+describe('markdown-it-html5-embed with link syntax http link when http disabled', function() {
+  var options = {
+    html5embed: {
+      useLinkSyntax: true,
+      isAllowedHttp: true
+    }
+  };
+
+  var md = require('markdown-it')().use(require('../lib'), options);
+  generate(path.join(__dirname, 'fixtures/link-syntax-http-enabled.txt'), md);
+});
