github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-07 01:36:15 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: persist secure image width and height if is given (#10994)

Browse Source 
`max-width: 50%; max-height: 400px;` is a good fallback, however, if width and height are given and are smaller than fallback -  we should persist that smaller size.
This commit is contained in:
Krzysztof Kotlarek 2020-10-22 13:25:09 +11:00 committed by GitHub
parent 64b0b50ac0
commit b2481adb40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/email/styles.rb
View File

@ -6,6 +6,8 @@
# #
module Email module Email
class Styles class Styles
MAX_IMAGE_DIMENSION = 400
@@plugin_callbacks = [] @@plugin_callbacks = []
attr_accessor :fragment attr_accessor :fragment
@ -220,7 +222,7 @@ module Email
onebox_styles onebox_styles
plugin_styles plugin_styles
style('.post-excerpt img', "max-width: 50%; max-height: 400px;") style('.post-excerpt img', "max-width: 50%; max-height: #{MAX_IMAGE_DIMENSION}px;")
format_custom format_custom
end end
@ -257,7 +259,7 @@ module Email
url = attachments[original_filename].url url = attachments[original_filename].url
div.add_next_sibling( div.add_next_sibling(
"<img src=\"#{url}\" data-embedded-secure-image=\"true\" style=\"max-width: 50%; max-height: 400px;\" />" "<img src=\"#{url}\" data-embedded-secure-image=\"true\" style=\"#{calculate_width_and_height_style(div)}\" />"
) )
div.remove div.remove
end end
@ -320,6 +322,16 @@ module Email
end end
end end
def calculate_width_and_height_style(div)
width = div['data-width']
height = div['data-height']
if width.present? && height.present? && height.to_i < MAX_IMAGE_DIMENSION && width.to_i < MAX_IMAGE_DIMENSION
"width: #{width}px; height: #{height}px;"
else
"max-width: 50%; max-height: #{MAX_IMAGE_DIMENSION}px;"
end
end
def replace_secure_media_urls def replace_secure_media_urls
# strip again, this can be done at a lower level like in the user # strip again, this can be done at a lower level like in the user
# notification template but that may not catch everything # notification template but that may not catch everything

12
lib/pretty_text.rb
View File

@ -409,21 +409,25 @@ module PrettyText
if Upload.secure_media_url?(a["href"]) if Upload.secure_media_url?(a["href"])
target = %w(video audio).include?(a&.parent&.name) ? a.parent : a target = %w(video audio).include?(a&.parent&.name) ? a.parent : a
next if target.to_s.include?("stripped-secure-view-media") next if target.to_s.include?("stripped-secure-view-media")
target.add_next_sibling secure_media_placeholder(doc, a['href']) width = a.xpath("//*[@width]").attr("width")&.value
height = a.xpath("//*[@height]").attr("height")&.value
target.add_next_sibling secure_media_placeholder(doc, a['href'], width: width, height: height)
target.remove target.remove
end end
end end
doc.css('img[src]').each do |img| doc.css('img[src]').each do |img|
if Upload.secure_media_url?(img['src']) if Upload.secure_media_url?(img['src'])
img.add_next_sibling secure_media_placeholder(doc, img['src']) img.add_next_sibling secure_media_placeholder(doc, img['src'], width: img['width'], height: img['height'])
img.remove img.remove
end end
end end
end end
def self.secure_media_placeholder(doc, url) def self.secure_media_placeholder(doc, url, width: nil, height: nil)
data_width = width ? "data-width=#{width}" : ''
data_height = height ? "data-height=#{height}" : ''
<<~HTML <<~HTML
<div class="secure-media-notice" data-stripped-secure-media="#{url}"> <div class="secure-media-notice" data-stripped-secure-media="#{url}" #{data_width} #{data_height}>
#{I18n.t('emails.secure_media_placeholder')} <a class='stripped-secure-view-media' href="#{url}">#{I18n.t("emails.view_redacted_media")}</a>. #{I18n.t('emails.secure_media_placeholder')} <a class='stripped-secure-view-media' href="#{url}">#{I18n.t("emails.view_redacted_media")}</a>.
</div> </div>
HTML HTML

3
spec/components/email/styles_spec.rb
View File

@ -212,7 +212,7 @@ describe Email::Styles do
fab!(:upload) { Fabricate(:upload, original_filename: 'testimage.png', secure: true, sha1: '123456') } fab!(:upload) { Fabricate(:upload, original_filename: 'testimage.png', secure: true, sha1: '123456') }
def strip_and_inline def strip_and_inline
html = "<a href=\"#{Discourse.base_url}\/secure-media-uploads/original/1X/123456.png\"><img src=\"/secure-media-uploads/original/1X/123456.png\"></a>" html = "<a href=\"#{Discourse.base_url}\/secure-media-uploads/original/1X/123456.png\"><img src=\"/secure-media-uploads/original/1X/123456.png\" width=\"20\" height=\"30\"></a>"
# strip out the secure media # strip out the secure media
styler = Email::Styles.new(html) styler = Email::Styles.new(html)
@ -230,6 +230,7 @@ describe Email::Styles do
strip_and_inline strip_and_inline
expect(@frag.to_s).to include("cid:email/test.png") expect(@frag.to_s).to include("cid:email/test.png")
expect(@frag.css('[data-stripped-secure-media]')).not_to be_present expect(@frag.css('[data-stripped-secure-media]')).not_to be_present
expect(@frag.children.attr('style').value).to eq("width: 20px; height: 30px;")
end end
it "does not inline anything if the upload cannot be found" do it "does not inline anything if the upload cannot be found" do

4
spec/components/pretty_text_spec.rb
View File

@ -966,12 +966,14 @@ describe PrettyText do
it "replaces secure images with a placeholder, keeping the url in an attribute" do it "replaces secure images with a placeholder, keeping the url in an attribute" do
url = "/secure-media-uploads/original/1X/testimage.png" url = "/secure-media-uploads/original/1X/testimage.png"
html = <<~HTML html = <<~HTML
<img src=\"#{url}\"> <img src=\"#{url}\" width=\"20\" height=\"20\">
HTML HTML
md = PrettyText.format_for_email(html, post) md = PrettyText.format_for_email(html, post)
expect(md).not_to include('<img') expect(md).not_to include('<img')
expect(md).to include("Redacted") expect(md).to include("Redacted")
expect(md).to include("data-stripped-secure-media=\"#{url}\"") expect(md).to include("data-stripped-secure-media=\"#{url}\"")
expect(md).to include("data-width=\"20\"")
expect(md).to include("data-height=\"20\"")
end end
end end
end end