New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow HTML embed code for CodePen #59

Merged
merged 1 commit into from Nov 21, 2017

Conversation

Projects
None yet
2 participants
@koki-sato
Copy link
Member

koki-sato commented Nov 13, 2017

Relates to #54

In this PR, embed CodePen by html and javascript ( the 2nd one of #54 (comment) )

Accordingly, allow some data-* attribute for <p> and <script> for codepen's javascript.

if node["src"] == CODE_PEN_SCRIPT_URL
node.children.unlink
else
node.unlink

This comment has been minimized.

@yuku

yuku Nov 14, 2017

Member

The responsibility of AttributeFilter is to filter attributes but #filter_script unlinks <script> nodes. IMO, you should add a new transformer class and move this method to it according to SRP.

"data-pen-title",
"data-slug-hash",
"data-theme-id",
"data-user",

This comment has been minimized.

@yuku

yuku Nov 14, 2017

Member

This array duplicates UserInputSanitizer::CODE_PEN_ATTRIBUTES. You should define a Qiita::Markdown::CodePen module which contains constants corresponding to codepen.

This comment has been minimized.

@yuku

yuku Nov 14, 2017

Member

And please remove all data-* attributes except data-slug-hash and data-embed-version.

@koki-sato

This comment has been minimized.

Copy link
Member

koki-sato commented Nov 17, 2017

@yuku-t Thank you for reviewing!

I defined Qiita::Markdown::CodePen module and moved all constants and transformer related to codepen into it.

@koki-sato koki-sato force-pushed the code-pen-html branch 3 times, most recently from 97368cc to 33b6aac Nov 17, 2017

@yuku yuku dismissed their stale review Nov 17, 2017

need more specs

context "with HTML embed code for CodePen" do
let(:markdown) do
<<-EOS.strip_heredoc
<p data-slug-hash="foo" data-embed-version="2" class="codepen"></p>

This comment has been minimized.

@yuku

yuku Nov 17, 2017

Member

Since the <p> doesn't have other data-* attributes, this spec doesn't test whether data-attributes except data-slug-hash and data-embed-version are sanitized. It should have at least data-height, data-theme-id, data-default-tab, data-user and data-pen-title attributes.

@koki-sato

This comment has been minimized.

Copy link
Member

koki-sato commented Nov 19, 2017

OK, I changed the test to check whether data-* attributes except data-slug-hash and data-embed-version are sanitized.

@@ -1268,6 +1312,33 @@
end
end

shared_examples_for "codepen" do |allowed:|

This comment has been minimized.

@yuku

yuku Nov 19, 2017

Member

"codepen" is inappropriate as the name of the shared examples, because codepen is allowed to use even though the parameter is false. I think it should be renamed as "override codepen attributes".

EOS
end
else
it "sanitize data-attributes except the minimum attributes" do

This comment has been minimized.

@yuku

yuku Nov 19, 2017

Member

it "sanitizes ...

Please start each spec with a verb in the third person singular form.

@koki-sato koki-sato force-pushed the code-pen-html branch 3 times, most recently from c5d79b5 to 3d1cf15 Nov 20, 2017

@yuku

yuku approved these changes Nov 20, 2017

Copy link
Member

yuku left a comment

LGTM. @koki-sato Please squash commits

@koki-sato koki-sato force-pushed the code-pen-html branch from 3d1cf15 to da8fba3 Nov 21, 2017

@yuku yuku merged commit f1e1e90 into master Nov 21, 2017

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@yuku yuku deleted the code-pen-html branch Nov 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment