2019-05-03 06:17:27 +08:00
|
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
2013-07-07 01:10:53 +08:00
|
|
|
|
# Post processing that we can do after a post has already been cooked.
|
2013-07-08 07:39:08 +08:00
|
|
|
|
# For example, inserting the onebox content, or image sizes/thumbnails.
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
|
|
|
|
|
class CookedPostProcessor
|
2021-11-23 03:32:12 +08:00
|
|
|
|
include CookedProcessorMixin
|
|
|
|
|
|
|
2019-04-01 10:14:29 +08:00
|
|
|
|
LIGHTBOX_WRAPPER_CSS_CLASS = "lightbox-wrapper"
|
2021-05-28 03:00:38 +08:00
|
|
|
|
GIF_SOURCES_REGEXP = %r{(giphy|tenor)\.com/}
|
2024-10-18 13:45:08 +08:00
|
|
|
|
MIN_LIGHTBOX_WIDTH = 100
|
|
|
|
|
|
MIN_LIGHTBOX_HEIGHT = 100
|
2018-11-27 16:00:31 +08:00
|
|
|
|
|
2017-11-13 08:19:06 +08:00
|
|
|
|
attr_reader :cooking_options, :doc
|
2016-08-13 03:28:54 +08:00
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
|
def initialize(post, opts = {})
|
|
|
|
|
|
@dirty = false
|
|
|
|
|
|
@opts = opts
|
|
|
|
|
|
@post = post
|
2021-11-23 03:32:12 +08:00
|
|
|
|
@model = post
|
2013-12-06 18:16:13 +08:00
|
|
|
|
@previous_cooked = (@post.cooked || "").dup
|
2015-09-30 00:51:26 +08:00
|
|
|
|
# NOTE: we re-cook the post here in order to prevent timing issues with edits
|
|
|
|
|
|
# cf. https://meta.discourse.org/t/edit-of-rebaked-post-doesnt-show-in-html-only-in-raw/33815/6
|
2015-12-04 04:01:18 +08:00
|
|
|
|
@cooking_options = post.cooking_options || opts[:cooking_options] || {}
|
2018-11-26 14:23:56 +08:00
|
|
|
|
@cooking_options[:topic_id] = post.topic_id
|
2015-12-04 04:01:18 +08:00
|
|
|
|
@cooking_options = @cooking_options.symbolize_keys
|
2024-04-09 11:23:11 +08:00
|
|
|
|
@should_secure_uploads = @post.should_secure_uploads?
|
2021-11-23 03:32:12 +08:00
|
|
|
|
@category_id = @post&.topic&.category_id
|
2016-04-13 02:09:59 +08:00
|
|
|
|
|
2020-01-29 08:37:04 +08:00
|
|
|
|
cooked = post.cook(post.raw, @cooking_options)
|
2023-06-20 09:49:22 +08:00
|
|
|
|
@doc = Loofah.html5_fragment(cooked)
|
2019-09-10 18:59:48 +08:00
|
|
|
|
@has_oneboxes = post.post_analyzer.found_oneboxes?
|
2013-02-19 14:57:14 +08:00
|
|
|
|
@size_cache = {}
|
2018-12-15 06:44:38 +08:00
|
|
|
|
|
2022-09-20 17:28:17 +08:00
|
|
|
|
@disable_dominant_color = !!opts[:disable_dominant_color]
|
2019-10-23 01:11:04 +08:00
|
|
|
|
@omit_nofollow = post.omit_nofollow?
|
2013-02-06 03:16:51 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2020-04-21 09:48:19 +08:00
|
|
|
|
def post_process(new_post: false)
|
2019-08-05 09:57:35 +08:00
|
|
|
|
DistributedMutex.synchronize("post_process_#{@post.id}", validity: 10.minutes) do
|
2017-10-17 11:17:00 +08:00
|
|
|
|
DiscourseEvent.trigger(:before_post_process_cooked, @doc, @post)
|
2023-10-19 07:48:01 +08:00
|
|
|
|
update_uploads_secure_status
|
2019-05-15 23:49:29 +08:00
|
|
|
|
remove_full_quote_on_direct_reply if new_post
|
2015-08-14 11:05:13 +08:00
|
|
|
|
post_process_oneboxes
|
2017-11-16 22:45:07 +08:00
|
|
|
|
post_process_images
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
add_blocked_hotlinked_media_placeholders
|
2018-03-14 01:07:51 +08:00
|
|
|
|
post_process_quotes
|
2015-08-14 11:05:13 +08:00
|
|
|
|
optimize_urls
|
2019-04-23 10:45:41 +08:00
|
|
|
|
remove_user_ids
|
2017-10-24 00:15:51 +08:00
|
|
|
|
update_post_image
|
2017-10-24 01:09:38 +08:00
|
|
|
|
enforce_nofollow
|
2016-04-08 00:27:26 +08:00
|
|
|
|
grant_badges
|
2018-09-06 14:08:03 +08:00
|
|
|
|
@post.link_post_uploads(fragments: @doc)
|
2017-06-24 02:35:10 +08:00
|
|
|
|
DiscourseEvent.trigger(:post_process_cooked, @doc, @post)
|
|
|
|
|
|
nil
|
2016-04-06 03:12:02 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2016-04-07 00:02:18 +08:00
|
|
|
|
def has_emoji?
|
|
|
|
|
|
(@doc.css("img.emoji") - @doc.css(".quote img")).size > 0
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2016-04-08 00:27:26 +08:00
|
|
|
|
def grant_badges
|
2023-12-06 14:37:32 +08:00
|
|
|
|
return if @post.user.blank? || !Guardian.new.can_see?(@post)
|
2016-04-06 04:13:10 +08:00
|
|
|
|
|
2016-04-14 04:38:24 +08:00
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstEmoji), @post.user, post_id: @post.id) if has_emoji?
|
|
|
|
|
|
if @has_oneboxes
|
|
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstOnebox), @post.user, post_id: @post.id)
|
2023-01-09 20:10:19 +08:00
|
|
|
|
end
|
2016-08-11 01:24:01 +08:00
|
|
|
|
if @post.is_reply_by_email?
|
|
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstReplyByEmail), @post.user, post_id: @post.id)
|
2023-01-09 20:10:19 +08:00
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2018-03-14 01:07:51 +08:00
|
|
|
|
def post_process_quotes
|
|
|
|
|
|
@doc
|
|
|
|
|
|
.css("aside.quote")
|
|
|
|
|
|
.each do |q|
|
|
|
|
|
|
post_number = q["data-post"]
|
|
|
|
|
|
topic_id = q["data-topic"]
|
|
|
|
|
|
if topic_id && post_number
|
|
|
|
|
|
comparer = QuoteComparer.new(topic_id.to_i, post_number.to_i, q.css("blockquote").text)
|
2023-01-09 20:10:19 +08:00
|
|
|
|
|
2022-05-12 23:07:43 +08:00
|
|
|
|
q["class"] = ((q["class"] || "") + " quote-post-not-found").strip if comparer.missing?
|
|
|
|
|
|
q["class"] = ((q["class"] || "") + " quote-modified").strip if comparer.modified?
|
2023-01-09 20:10:19 +08:00
|
|
|
|
end
|
2018-03-14 01:07:51 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2023-10-19 07:48:01 +08:00
|
|
|
|
def update_uploads_secure_status
|
|
|
|
|
|
@post.update_uploads_secure_status(source: "post processor")
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2019-05-15 23:49:29 +08:00
|
|
|
|
def remove_full_quote_on_direct_reply
|
|
|
|
|
|
return if !SiteSetting.remove_full_quote
|
|
|
|
|
|
return if @post.post_number == 1
|
2019-12-20 16:24:34 +08:00
|
|
|
|
return if @doc.xpath("aside[contains(@class, 'quote')]").size != 1
|
2018-12-07 20:07:11 +08:00
|
|
|
|
|
2019-05-15 23:49:29 +08:00
|
|
|
|
previous =
|
|
|
|
|
|
Post
|
|
|
|
|
|
.where(
|
|
|
|
|
|
"post_number < ? AND topic_id = ? AND post_type = ? AND NOT hidden",
|
|
|
|
|
|
@post.post_number,
|
|
|
|
|
|
@post.topic_id,
|
|
|
|
|
|
Post.types[:regular],
|
|
|
|
|
|
)
|
|
|
|
|
|
.order("post_number DESC")
|
|
|
|
|
|
.limit(1)
|
|
|
|
|
|
.pluck(:cooked)
|
|
|
|
|
|
.first
|
2018-12-07 20:07:11 +08:00
|
|
|
|
|
2019-05-15 23:49:29 +08:00
|
|
|
|
return if previous.blank?
|
2018-12-07 20:07:11 +08:00
|
|
|
|
|
2020-05-05 11:46:57 +08:00
|
|
|
|
previous_text = Nokogiri::HTML5.fragment(previous).text.strip
|
2019-05-17 20:17:29 +08:00
|
|
|
|
quoted_text = @doc.css("aside.quote:first-child blockquote").first&.text&.strip || ""
|
|
|
|
|
|
|
|
|
|
|
|
return if previous_text.gsub(/(\s){2,}/, '\1') != quoted_text.gsub(/(\s){2,}/, '\1')
|
2019-05-15 23:49:29 +08:00
|
|
|
|
|
2019-12-20 16:24:34 +08:00
|
|
|
|
quote_regexp = %r{\A\s*\[quote.+\[/quote\]}im
|
2019-05-15 23:49:29 +08:00
|
|
|
|
quoteless_raw = @post.raw.sub(quote_regexp, "").strip
|
|
|
|
|
|
|
|
|
|
|
|
return if @post.raw.strip == quoteless_raw
|
2018-12-07 20:07:11 +08:00
|
|
|
|
|
|
|
|
|
|
PostRevisor.new(@post).revise!(
|
|
|
|
|
|
Discourse.system_user,
|
|
|
|
|
|
{ raw: quoteless_raw, edit_reason: I18n.t(:removed_direct_reply_full_quotes) },
|
2018-12-12 22:42:53 +08:00
|
|
|
|
skip_validations: true,
|
|
|
|
|
|
bypass_bump: true,
|
2018-12-07 20:07:11 +08:00
|
|
|
|
)
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2013-07-08 07:39:08 +08:00
|
|
|
|
def extract_images
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# all images with a src attribute
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
@doc.css("img[src], img[#{PrettyText::BLOCKED_HOTLINKED_SRC_ATTR}]") -
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# minus data images
|
2014-07-18 23:54:18 +08:00
|
|
|
|
@doc.css("img[src^='data']") -
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# minus emojis
|
2019-12-09 21:39:25 +08:00
|
|
|
|
@doc.css("img.emoji")
|
2013-07-08 07:39:08 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2016-10-31 17:41:33 +08:00
|
|
|
|
def extract_images_for_post
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# all images with a src attribute
|
2015-10-15 17:00:47 +08:00
|
|
|
|
@doc.css("img[src]") -
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# minus emojis
|
2015-10-15 17:00:47 +08:00
|
|
|
|
@doc.css("img.emoji") -
|
2017-11-16 22:45:07 +08:00
|
|
|
|
# minus images inside quotes
|
2020-02-07 00:19:40 +08:00
|
|
|
|
@doc.css(".quote img") -
|
|
|
|
|
|
# minus onebox site icons
|
2020-05-15 01:01:43 +08:00
|
|
|
|
@doc.css("img.site-icon") -
|
|
|
|
|
|
# minus onebox avatars
|
2021-02-22 18:40:40 +08:00
|
|
|
|
@doc.css("img.onebox-avatar") - @doc.css("img.onebox-avatar-inline") -
|
2021-02-12 01:50:42 +08:00
|
|
|
|
# minus github onebox profile images
|
|
|
|
|
|
@doc.css(".onebox.githubfolder img")
|
2015-10-15 17:00:47 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2013-11-06 02:04:47 +08:00
|
|
|
|
def convert_to_link!(img)
|
2020-03-26 22:40:00 +08:00
|
|
|
|
w, h = img["width"].to_i, img["height"].to_i
|
|
|
|
|
|
user_width, user_height =
|
|
|
|
|
|
(w > 0 && h > 0 && [w, h]) || get_size_from_attributes(img) ||
|
|
|
|
|
|
get_size_from_image_sizes(img["src"], @opts[:image_sizes])
|
|
|
|
|
|
|
|
|
|
|
|
limit_size!(img)
|
|
|
|
|
|
|
2013-02-19 14:57:14 +08:00
|
|
|
|
src = img["src"]
|
2018-06-18 17:10:23 +08:00
|
|
|
|
return if src.blank? || is_a_hyperlink?(img) || is_svg?(img)
|
2013-02-19 14:57:14 +08:00
|
|
|
|
|
2021-04-22 23:28:35 +08:00
|
|
|
|
upload = Upload.get_from_url(src)
|
|
|
|
|
|
|
2022-11-25 09:40:31 +08:00
|
|
|
|
original_width, original_height = nil
|
|
|
|
|
|
|
|
|
|
|
|
if (upload.present?)
|
|
|
|
|
|
original_width = upload.width || 0
|
|
|
|
|
|
original_height = upload.height || 0
|
|
|
|
|
|
else
|
|
|
|
|
|
original_width, original_height = (get_size(src) || [0, 0]).map(&:to_i)
|
|
|
|
|
|
if original_width == 0 || original_height == 0
|
|
|
|
|
|
Rails.logger.info "Can't reach '#{src}' to get its dimension."
|
|
|
|
|
|
return
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2021-05-28 03:00:38 +08:00
|
|
|
|
if (upload.present? && upload.animated?) || src.match?(GIF_SOURCES_REGEXP)
|
2021-04-22 23:28:35 +08:00
|
|
|
|
img.add_class("animated")
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2024-10-18 13:45:08 +08:00
|
|
|
|
generate_thumbnail =
|
|
|
|
|
|
original_width > SiteSetting.max_image_width || original_height > SiteSetting.max_image_height
|
2013-07-08 07:39:08 +08:00
|
|
|
|
|
2020-03-26 22:40:00 +08:00
|
|
|
|
user_width, user_height = [original_width, original_height] if user_width.to_i <= 0 &&
|
|
|
|
|
|
user_height.to_i <= 0
|
|
|
|
|
|
width, height = user_width, user_height
|
|
|
|
|
|
|
|
|
|
|
|
crop =
|
|
|
|
|
|
SiteSetting.min_ratio_to_crop > 0 && width.to_f / height.to_f < SiteSetting.min_ratio_to_crop
|
2018-06-05 23:13:00 +08:00
|
|
|
|
|
|
|
|
|
|
if crop
|
2020-03-26 22:40:00 +08:00
|
|
|
|
width, height = ImageSizer.crop(width, height)
|
|
|
|
|
|
img["width"], img["height"] = width, height
|
|
|
|
|
|
else
|
|
|
|
|
|
width, height = ImageSizer.resize(width, height)
|
2016-05-23 22:18:30 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2020-01-29 08:11:38 +08:00
|
|
|
|
if upload.present?
|
2024-10-18 13:45:08 +08:00
|
|
|
|
if generate_thumbnail
|
|
|
|
|
|
upload.create_thumbnail!(width, height, crop: crop)
|
2018-10-03 11:44:53 +08:00
|
|
|
|
|
2024-10-18 13:45:08 +08:00
|
|
|
|
each_responsive_ratio do |ratio|
|
|
|
|
|
|
resized_w = (width * ratio).to_i
|
|
|
|
|
|
resized_h = (height * ratio).to_i
|
2018-10-03 11:44:53 +08:00
|
|
|
|
|
2024-10-18 13:45:08 +08:00
|
|
|
|
if upload.width && resized_w <= upload.width
|
|
|
|
|
|
upload.create_thumbnail!(resized_w, resized_h, crop: crop)
|
|
|
|
|
|
end
|
2018-10-03 11:44:53 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
2018-12-15 06:44:38 +08:00
|
|
|
|
|
2021-05-21 03:19:44 +08:00
|
|
|
|
return if upload.animated?
|
|
|
|
|
|
|
2023-05-02 17:02:19 +08:00
|
|
|
|
if img.ancestors(".onebox, .onebox-body").blank? && !img.classes.include?("onebox")
|
2024-10-18 13:45:08 +08:00
|
|
|
|
add_lightbox!(img, original_width, original_height, upload)
|
2021-05-21 03:19:44 +08:00
|
|
|
|
end
|
2019-12-09 21:39:25 +08:00
|
|
|
|
|
2024-10-18 13:45:08 +08:00
|
|
|
|
optimize_image!(img, upload, cropped: crop) if generate_thumbnail
|
2020-01-29 08:11:38 +08:00
|
|
|
|
end
|
2013-07-08 07:39:08 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2019-11-29 21:18:42 +08:00
|
|
|
|
def optimize_image!(img, upload, cropped: false)
|
|
|
|
|
|
w, h = img["width"].to_i, img["height"].to_i
|
2023-07-20 02:21:34 +08:00
|
|
|
|
onebox = img.ancestors(".onebox, .onebox-body").first
|
2019-11-29 21:18:42 +08:00
|
|
|
|
|
2022-09-20 17:28:17 +08:00
|
|
|
|
# note: optimize_urls cooks the src further after this
|
2021-05-21 03:19:44 +08:00
|
|
|
|
thumbnail = upload.thumbnail(w, h)
|
2019-11-29 21:18:42 +08:00
|
|
|
|
if thumbnail && thumbnail.filesize.to_i < upload.filesize
|
|
|
|
|
|
img["src"] = thumbnail.url
|
|
|
|
|
|
|
|
|
|
|
|
srcset = +""
|
|
|
|
|
|
|
2023-07-20 02:21:34 +08:00
|
|
|
|
# Skip srcset for onebox images. Because onebox thumbnails by default
|
|
|
|
|
|
# are fairly small the width/height of the smallest thumbnail is likely larger
|
|
|
|
|
|
# than what the onebox thumbnail size will be displayed at, so we shouldn't
|
|
|
|
|
|
# need to upscale for retina devices
|
|
|
|
|
|
if !onebox
|
|
|
|
|
|
each_responsive_ratio do |ratio|
|
|
|
|
|
|
resized_w = (w * ratio).to_i
|
|
|
|
|
|
resized_h = (h * ratio).to_i
|
|
|
|
|
|
|
|
|
|
|
|
if !cropped && upload.width && resized_w > upload.width
|
2024-04-09 11:23:11 +08:00
|
|
|
|
cooked_url = UrlHelper.cook_url(upload.url, secure: @should_secure_uploads)
|
2023-07-20 02:21:34 +08:00
|
|
|
|
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0\z/, "")}x"
|
|
|
|
|
|
elsif t = upload.thumbnail(resized_w, resized_h)
|
2024-04-09 11:23:11 +08:00
|
|
|
|
cooked_url = UrlHelper.cook_url(t.url, secure: @should_secure_uploads)
|
2023-07-20 02:21:34 +08:00
|
|
|
|
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0\z/, "")}x"
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
img[
|
|
|
|
|
|
"srcset"
|
2024-04-09 11:23:11 +08:00
|
|
|
|
] = "#{UrlHelper.cook_url(img["src"], secure: @should_secure_uploads)}#{srcset}" if srcset.present?
|
2019-11-29 21:18:42 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
else
|
|
|
|
|
|
img["src"] = upload.url
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-09-20 17:28:17 +08:00
|
|
|
|
if !@disable_dominant_color &&
|
|
|
|
|
|
(color = upload.dominant_color(calculate_if_missing: true).presence)
|
|
|
|
|
|
img["data-dominant-color"] = color
|
2019-11-29 21:18:42 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2024-10-18 13:45:08 +08:00
|
|
|
|
def add_lightbox!(img, original_width, original_height, upload)
|
|
|
|
|
|
return if original_width < MIN_LIGHTBOX_WIDTH || original_height < MIN_LIGHTBOX_HEIGHT
|
|
|
|
|
|
|
2013-06-26 08:44:20 +08:00
|
|
|
|
# first, create a div to hold our lightbox
|
2019-04-01 10:14:29 +08:00
|
|
|
|
lightbox = create_node("div", LIGHTBOX_WRAPPER_CSS_CLASS)
|
2013-07-08 07:39:08 +08:00
|
|
|
|
img.add_next_sibling(lightbox)
|
|
|
|
|
|
lightbox.add_child(img)
|
|
|
|
|
|
|
2013-06-26 08:44:20 +08:00
|
|
|
|
# then, the link to our larger image
|
2024-10-18 13:45:08 +08:00
|
|
|
|
src_url = Upload.secure_uploads_url?(img["src"]) ? upload&.url || img["src"] : img["src"]
|
|
|
|
|
|
src = UrlHelper.cook_url(src_url, secure: @should_secure_uploads)
|
|
|
|
|
|
|
2019-12-05 07:13:09 +08:00
|
|
|
|
a = create_link_node("lightbox", src)
|
2013-02-19 14:57:14 +08:00
|
|
|
|
img.add_next_sibling(a)
|
2014-10-16 01:20:04 +08:00
|
|
|
|
|
|
|
|
|
|
a["data-download-href"] = Discourse.store.download_url(upload) if upload
|
|
|
|
|
|
|
2013-02-19 14:57:14 +08:00
|
|
|
|
a.add_child(img)
|
2013-07-08 07:39:08 +08:00
|
|
|
|
|
2013-06-26 08:44:20 +08:00
|
|
|
|
# then, some overlay informations
|
2017-11-15 18:30:47 +08:00
|
|
|
|
meta = create_node("div", "meta")
|
2013-07-08 07:39:08 +08:00
|
|
|
|
img.add_next_sibling(meta)
|
2013-06-22 00:29:40 +08:00
|
|
|
|
|
2013-11-06 02:04:47 +08:00
|
|
|
|
filename = get_filename(upload, img["src"])
|
2019-05-03 06:17:27 +08:00
|
|
|
|
informations = +"#{original_width}×#{original_height}"
|
2019-02-21 10:13:37 +08:00
|
|
|
|
informations << " #{upload.human_filesize}" if upload
|
2013-06-22 00:29:40 +08:00
|
|
|
|
|
2023-09-13 14:33:08 +08:00
|
|
|
|
a["title"] = img["title"] || img["alt"] || filename
|
2013-11-30 03:03:39 +08:00
|
|
|
|
|
2019-03-22 23:52:06 +08:00
|
|
|
|
meta.add_child create_icon_node("far-image")
|
2016-08-11 11:27:12 +08:00
|
|
|
|
meta.add_child create_span_node("filename", a["title"])
|
2013-06-26 08:44:20 +08:00
|
|
|
|
meta.add_child create_span_node("informations", informations)
|
2019-03-22 23:52:06 +08:00
|
|
|
|
meta.add_child create_icon_node("discourse-expand")
|
2013-06-22 00:29:40 +08:00
|
|
|
|
end
|
2013-02-19 14:57:14 +08:00
|
|
|
|
|
2013-06-27 03:53:31 +08:00
|
|
|
|
def get_filename(upload, src)
|
|
|
|
|
|
return File.basename(src) unless upload
|
2023-01-21 02:52:49 +08:00
|
|
|
|
return upload.original_filename unless upload.original_filename =~ /\Ablob(\.png)?\z/i
|
2019-11-15 04:10:51 +08:00
|
|
|
|
I18n.t("upload.pasted_image_filename")
|
2013-06-27 03:53:31 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2016-10-31 17:41:33 +08:00
|
|
|
|
def update_post_image
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
|
|
|
|
upload = nil
|
2021-02-11 23:44:41 +08:00
|
|
|
|
images = extract_images_for_post
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
|
|
|
|
|
2021-02-11 23:44:41 +08:00
|
|
|
|
@post.each_upload_url(fragments: images.css("[data-thumbnail]")) do |src, path, sha1|
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
|
|
|
|
upload = Upload.find_by(sha1: sha1)
|
|
|
|
|
|
break if upload
|
2020-02-07 00:19:40 +08:00
|
|
|
|
end
|
2017-06-09 19:16:50 +08:00
|
|
|
|
|
2021-02-11 23:44:41 +08:00
|
|
|
|
if upload.nil? # No specified thumbnail. Use any image:
|
|
|
|
|
|
@post.each_upload_url(fragments: images.css(":not([data-thumbnail])")) do |src, path, sha1|
|
|
|
|
|
|
upload = Upload.find_by(sha1: sha1)
|
|
|
|
|
|
break if upload
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
|
|
|
|
if upload.present?
|
|
|
|
|
|
@post.update_column(:image_upload_id, upload.id) # post
|
|
|
|
|
|
if @post.is_first_post? # topic
|
|
|
|
|
|
@post.topic.update_column(:image_upload_id, upload.id)
|
|
|
|
|
|
extra_sizes =
|
|
|
|
|
|
ThemeModifierHelper.new(theme_ids: Theme.user_selectable.pluck(:id)).topic_thumbnail_sizes
|
|
|
|
|
|
@post.topic.generate_thumbnails!(extra_sizes: extra_sizes)
|
|
|
|
|
|
end
|
|
|
|
|
|
else
|
|
|
|
|
|
@post.update_column(:image_upload_id, nil) if @post.image_upload_id
|
|
|
|
|
|
if @post.topic.image_upload_id && @post.is_first_post?
|
|
|
|
|
|
@post.topic.update_column(:image_upload_id, nil)
|
2023-01-09 20:10:19 +08:00
|
|
|
|
end
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
|
|
|
|
nil
|
2013-07-08 07:39:08 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2013-11-06 02:04:47 +08:00
|
|
|
|
def optimize_urls
|
2014-10-16 01:20:04 +08:00
|
|
|
|
%w[href data-download-href].each do |selector|
|
2018-08-14 18:23:32 +08:00
|
|
|
|
@doc.css("a[#{selector}]").each { |a| a[selector] = UrlHelper.cook_url(a[selector].to_s) }
|
2013-11-06 02:04:47 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2022-09-20 17:28:17 +08:00
|
|
|
|
%w[src].each do |selector|
|
2019-02-21 02:24:38 +08:00
|
|
|
|
@doc
|
|
|
|
|
|
.css("img[#{selector}]")
|
|
|
|
|
|
.each do |img|
|
2022-02-14 11:02:42 +08:00
|
|
|
|
custom_emoji = img["class"]&.include?("emoji-custom") && Emoji.custom?(img["title"])
|
|
|
|
|
|
img[selector] = UrlHelper.cook_url(
|
2022-09-29 07:24:33 +08:00
|
|
|
|
img[selector].to_s,
|
2024-04-09 11:23:11 +08:00
|
|
|
|
secure: @should_secure_uploads && !custom_emoji,
|
2022-02-14 11:02:42 +08:00
|
|
|
|
)
|
2019-02-21 02:24:38 +08:00
|
|
|
|
end
|
2013-11-06 02:04:47 +08:00
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
end
|
2017-10-24 01:09:38 +08:00
|
|
|
|
|
2019-04-23 10:45:41 +08:00
|
|
|
|
def remove_user_ids
|
|
|
|
|
|
@doc
|
|
|
|
|
|
.css("a[href]")
|
|
|
|
|
|
.each do |a|
|
2019-04-25 15:06:31 +08:00
|
|
|
|
uri =
|
|
|
|
|
|
begin
|
|
|
|
|
|
URI(a["href"])
|
|
|
|
|
|
rescue URI::Error
|
2023-01-09 20:10:19 +08:00
|
|
|
|
next
|
|
|
|
|
|
end
|
2019-04-23 10:45:41 +08:00
|
|
|
|
next if uri.hostname != Discourse.current_hostname
|
2023-01-09 20:10:19 +08:00
|
|
|
|
|
2019-04-23 10:45:41 +08:00
|
|
|
|
query = Rack::Utils.parse_nested_query(uri.query)
|
2019-04-25 15:06:31 +08:00
|
|
|
|
next if !query.delete("u")
|
2023-01-09 20:10:19 +08:00
|
|
|
|
|
2019-04-23 10:45:41 +08:00
|
|
|
|
uri.query = query.map { |k, v| "#{k}=#{v}" }.join("&").presence
|
|
|
|
|
|
a["href"] = uri.to_s
|
2019-04-25 15:06:31 +08:00
|
|
|
|
end
|
2019-04-23 10:45:41 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
2017-10-24 00:15:51 +08:00
|
|
|
|
def enforce_nofollow
|
2020-09-10 23:59:51 +08:00
|
|
|
|
add_nofollow = !@omit_nofollow && SiteSetting.add_rel_nofollow_to_user_content
|
|
|
|
|
|
PrettyText.add_rel_attributes_to_user_content(@doc, add_nofollow)
|
2017-10-24 00:15:51 +08:00
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
2018-06-18 17:10:23 +08:00
|
|
|
|
private
|
|
|
|
|
|
|
2019-05-27 11:28:37 +08:00
|
|
|
|
def post_process_images
|
|
|
|
|
|
extract_images.each do |img|
|
2022-05-13 21:11:45 +08:00
|
|
|
|
still_an_image = process_hotlinked_image(img)
|
|
|
|
|
|
convert_to_link!(img) if still_an_image
|
2019-05-27 11:28:37 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 21:11:45 +08:00
|
|
|
|
def process_hotlinked_image(img)
|
2023-04-27 01:05:22 +08:00
|
|
|
|
onebox = img.ancestors(".onebox, .onebox-body").first
|
|
|
|
|
|
|
2022-05-13 21:11:45 +08:00
|
|
|
|
@hotlinked_map ||= @post.post_hotlinked_media.preload(:upload).map { |r| [r.url, r] }.to_h
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
normalized_src =
|
|
|
|
|
|
PostHotlinkedMedia.normalize_src(img["src"] || img[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR])
|
2022-05-13 21:11:45 +08:00
|
|
|
|
info = @hotlinked_map[normalized_src]
|
|
|
|
|
|
|
|
|
|
|
|
still_an_image = true
|
|
|
|
|
|
|
|
|
|
|
|
if info&.too_large?
|
2023-04-27 01:05:22 +08:00
|
|
|
|
if !onebox || onebox.element_children.size == 1
|
2022-08-12 00:09:48 +08:00
|
|
|
|
add_large_image_placeholder!(img)
|
|
|
|
|
|
else
|
|
|
|
|
|
img.remove
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 21:11:45 +08:00
|
|
|
|
still_an_image = false
|
|
|
|
|
|
elsif info&.download_failed?
|
2023-04-27 01:05:22 +08:00
|
|
|
|
if !onebox || onebox.element_children.size == 1
|
2022-08-12 00:09:48 +08:00
|
|
|
|
add_broken_image_placeholder!(img)
|
|
|
|
|
|
else
|
|
|
|
|
|
img.remove
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 21:11:45 +08:00
|
|
|
|
still_an_image = false
|
|
|
|
|
|
elsif info&.downloaded? && upload = info&.upload
|
2024-04-09 11:23:11 +08:00
|
|
|
|
img["src"] = UrlHelper.cook_url(upload.url, secure: @should_secure_uploads)
|
2023-04-13 19:04:46 +08:00
|
|
|
|
img["data-dominant-color"] = upload.dominant_color(calculate_if_missing: true).presence
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
img.delete(PrettyText::BLOCKED_HOTLINKED_SRC_ATTR)
|
2022-05-13 21:11:45 +08:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
still_an_image
|
|
|
|
|
|
end
|
|
|
|
|
|
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
def add_blocked_hotlinked_media_placeholders
|
|
|
|
|
|
@doc
|
|
|
|
|
|
.css(
|
|
|
|
|
|
[
|
|
|
|
|
|
"[#{PrettyText::BLOCKED_HOTLINKED_SRC_ATTR}]",
|
|
|
|
|
|
"[#{PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR}]",
|
|
|
|
|
|
].join(","),
|
2023-01-09 20:10:19 +08:00
|
|
|
|
)
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
.each do |el|
|
|
|
|
|
|
src =
|
|
|
|
|
|
el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] ||
|
|
|
|
|
|
el[PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR]&.split(",")&.first&.split(" ")&.first
|
2023-01-09 20:10:19 +08:00
|
|
|
|
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
|
|
|
|
if el.name == "img"
|
|
|
|
|
|
add_blocked_hotlinked_image_placeholder!(el)
|
|
|
|
|
|
next
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
el = el.parent if %w[video audio].include?(el.parent.name)
|
|
|
|
|
|
|
|
|
|
|
|
el = el.parent if el.parent.classes.include?("video-container")
|
|
|
|
|
|
|
|
|
|
|
|
add_blocked_hotlinked_media_placeholder!(el, src)
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2018-06-18 17:10:23 +08:00
|
|
|
|
def is_svg?(img)
|
2018-06-20 10:47:14 +08:00
|
|
|
|
path =
|
|
|
|
|
|
begin
|
|
|
|
|
|
URI(img["src"]).path
|
2018-08-14 18:23:32 +08:00
|
|
|
|
rescue URI::Error
|
2018-06-20 10:47:14 +08:00
|
|
|
|
nil
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
File.extname(path) == ".svg" if path
|
2018-06-18 17:10:23 +08:00
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
end
|