Return-Path: 
 <allura-commits-return-9306-apmail-incubator-allura-commits-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-allura-commits-archive@minotaur.apache.org
Delivered-To: apmail-incubator-allura-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1414F103F6
	for <apmail-incubator-allura-commits-archive@minotaur.apache.org>;
 Thu, 27 Feb 2014 14:48:52 +0000 (UTC)
Received: (qmail 67280 invoked by uid 500); 27 Feb 2014 14:48:51 -0000
Delivered-To: apmail-incubator-allura-commits-archive@incubator.apache.org
Received: (qmail 67261 invoked by uid 500); 27 Feb 2014 14:48:50 -0000
Mailing-List: contact allura-commits-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:allura-commits-help@incubator.apache.org>
List-Unsubscribe: <mailto:allura-commits-unsubscribe@incubator.apache.org>
List-Post: <mailto:allura-commits@incubator.apache.org>
List-Id: <allura-commits.incubator.apache.org>
Reply-To: allura-dev@incubator.apache.org
Delivered-To: mailing list allura-commits@incubator.apache.org
Received: (qmail 67246 invoked by uid 99); 27 Feb 2014 14:48:48 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Feb 2014 14:48:48 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 1F8D292EBA4; Thu, 27 Feb 2014 14:48:48 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: brondsem@apache.org
To: allura-commits@incubator.apache.org
Date: Thu, 27 Feb 2014 14:48:49 -0000
Message-Id: <4d60c074170b4933a80dcc0a3fbf6061@git.apache.org>
In-Reply-To: <5891777307cb45bcbd173f70fda18466@git.apache.org>
References: <5891777307cb45bcbd173f70fda18466@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [2/2] git commit: [#7202] ticket:548 Use https when embedding youtube
 videos

[#7202] ticket:548 Use https when embedding youtube videos


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/9bdfdd1d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/9bdfdd1d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/9bdfdd1d

Branch: refs/heads/master
Commit: 9bdfdd1db1dd19e896e90011af9dff56a8be0241
Parents: 6143e75
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Tue Feb 25 10:34:32 2014 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Thu Feb 27 14:48:37 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/macro.py          | 20 ++++++++++++++++++--
 Allura/allura/lib/utils.py          |  2 +-
 Allura/allura/tests/test_globals.py |  2 +-
 Allura/allura/tests/test_utils.py   |  4 ++--
 4 files changed, 22 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/lib/macro.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/macro.py b/Allura/allura/lib/macro.py
index efb1433..2116c23 100644
--- a/Allura/allura/lib/macro.py
+++ b/Allura/allura/lib/macro.py
@@ -23,11 +23,13 @@ import traceback
 import oembed
 import jinja2
 from operator import attrgetter
+from urlparse import urlparse, urlunparse
 
 import pymongo
 from pylons import tmpl_context as c, app_globals as g
 from pylons import request
 from paste.deploy.converters import asint
+from BeautifulSoup import BeautifulSoup
 
 from . import helpers as h
 from . import security
@@ -394,6 +396,20 @@ def embed(url=None):
         'http://www.youtube.com/oembed', ['http://*.youtube.com/*', 'https://*.youtube.com/*'])
     consumer.addEndpoint(endpoint)
     try:
-        return jinja2.Markup('<div class="grid-20">%s</div>' % consumer.embed(url)['html'])
+        html = consumer.embed(url)['html']
     except oembed.OEmbedNoEndpoint:
-        return '[[embed url=%s]]' % url
+        html = None
+
+    if html:
+        html = BeautifulSoup(html)
+        embed_url = html.find('iframe').get('src')
+        if embed_url:
+            embed_url = urlparse(embed_url)
+            if embed_url.scheme == 'http':
+                embed_url = urlunparse(['https'] + list(embed_url[1:]))
+            else:
+                embed_url = embed_url.geturl()
+            html.find('iframe')['src'] = embed_url
+            return jinja2.Markup('<div class="grid-20">%s</div>' % html)
+
+    return '[[embed url=%s]]' % url

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 95622c9..ae11ef4 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -543,7 +543,7 @@ class ForgeHTMLSanitizer(_HTMLSanitizer):
     def unknown_starttag(self, tag, attrs):
         if 'iframe' in self.acceptable_elements:
             self.acceptable_elements.remove('iframe')
-        if (tag == 'iframe') and (dict(attrs).get('src', '').startswith('http://www.youtube.com/embed/') or
+        if (tag == 'iframe') and (dict(attrs).get('src', '').startswith('https://www.youtube.com/embed/') or
                                   dict(attrs).get('src', '').startswith('https://www.gittip.com/')):
             self.acceptable_elements.append('iframe')
         _HTMLSanitizer.unknown_starttag(self, tag, attrs)

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 704514b..d8f6b52 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -285,7 +285,7 @@ def test_macro_include_extra_br():
 def test_macro_embed():
     r = g.markdown_wiki.convert(
         '[[embed url=http://www.youtube.com/watch?v=kOLpSPEA72U]]')
-    assert '''<div class="grid-20"><iframe height="270" src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></div>''' in r
+    assert '''<div class="grid-20"><iframe height="270" src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed" width="480"></iframe></div>''' in r
     r = g.markdown_wiki.convert('[[embed url=http://vimeo.com/46163090]]')
     assert_equal(
         r, '<div class="markdown_content"><p>[[embed url=http://vimeo.com/46163090]]</p></div>')

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9bdfdd1d/Allura/allura/tests/test_utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 92f1e28..e791503 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -247,6 +247,6 @@ class TestHTMLSanitizer(unittest.TestCase):
     def test_html_sanitizer_youtube_iframe(self):
         p = utils.ForgeHTMLSanitizer('utf-8', '')
         p.feed(
-            '<div><iframe src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
+            '<div><iframe src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
         assert_equal(
-            p.output(), '<div><iframe src="http://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')
+            p.output(), '<div><iframe src="https://www.youtube.com/embed/kOLpSPEA72U?feature=oembed"></iframe></div>')