Work on custom embeds

lib/customembed.js

@@ -1,22 +1,96 @@
-const allowed = ["iframe", "object", "param", "embed"];
-const tag_re = /<\s*\/?\s*([a-z]+)(\s*([a-z]+)\s*=\s*('[^']*'|"[^"]*"|[^"'>]*))*\s*>/ig;
+var cheerio = require("cheerio");
+var crypto = require("crypto");
+var Media = require("./media");
 
-function filter(str) {
-    if (typeof str !== "string") {
-        return "";
+function sha256(input) {
+    var hash = crypto.createHash("sha256");
+    hash.update(input);
+    return hash.digest("base64");
+}
+
+function filter(input) {
+    var $ = cheerio.load(input, { xmlMode: true });
+    var meta = getMeta($);
+    var id = "cu:" + sha256(input);
+
+    return new Media(id, "Custom Media", "--:--", "cu", meta);
+}
+
+function getMeta($) {
+    var tag = $("embed");
+    if (tag.length !== 0) {
+        return filterEmbed(tag[0]);
+    }
+    tag = $("object");
+    if (tag.length !== 0) {
+        return filterObject(tag[0]);
+    }
+    tag = $("iframe");
+    if (tag.length !== 0) {
+        return filterIframe(tag[0]);
     }
 
-    str = str.replace(tag_re, function (match, tag) {
-        if(!~allowed.indexOf(tag.toLowerCase())) {
-            return match.replace("<", "&lt;").replace(">", "&gt;");
+    throw new Error("Invalid embed.  Input must be an <iframe>, <object>, or " +
+                    "<embed> tag.");
+}
+
+const ALLOWED_PARAMS = /^(flashvars|bgcolor|movie)$/i;
+function filterEmbed(tag) {
+    if (tag.attribs.type !== "application/x-shockwave-flash") {
+        throw new Error("Invalid embed. Only type 'application/x-shockwave-flash' " +
+                        "is allowed for <embed> tags.");
+    }
+
+    var meta = {
+        embed: {
+            tag: "object",
+            src: tag.attribs.src,
+            params: {}
         }
-        return match;
-    });
-    str = str.replace(/(\bon\w*\s*=\s*('[^']*'|"[^"]"|[^\s><]*))/ig, function () {
-        return "";
+    }
+
+    for (var key in tag.attribs) {
+        if (ALLOWED_PARAMS.test(key)) {
+            meta.embed.params[key] = tag.attribs[key];
+        }
+    }
+
+    return meta;
+}
+
+function filterObject(tag) {
+    if (tag.attribs.type !== "application/x-shockwave-flash") {
+        throw new Error("Invalid embed. Only type 'application/x-shockwave-flash' " +
+                        "is allowed for <embed> tags.");
+    }
+
+    var meta = {
+        embed: {
+            tag: "object",
+            src: tag.attribs.data,
+            params: {}
+        }
+    };
+
+    tag.children.forEach(function (child) {
+        if (child.name !== "param") return;
+        if (!ALLOWED_PARAMS.test(child.attribs.name)) return;
+
+        meta.embed.params[child.attribs.name] = child.attribs.value;
     });
 
-    return str.substring(0, 20000);
+    return meta;
+}
+
+function filterIframe(tag) {
+    var meta = {
+        embed: {
+            tag: "iframe",
+            src: tag.attribs.src
+        }
+    };
+
+    return meta;
 }
 
 exports.filter = filter;

lib/get-info.js

@@ -510,8 +510,17 @@ var Getters = {
 
     /* custom embed */
     cu: function (id, callback) {
-        id = CustomEmbedFilter(id);
-        var media = new Media(id, "Custom Media", "--:--", "cu");
+        var media;
+        try {
+            media = CustomEmbedFilter(id);
+        } catch (e) {
+            if (/invalid embed/i.test(e.message)) {
+                return callback(e.message);
+            } else {
+                Logger.errlog.log(e.stack);
+                return callback("Unknown error processing embed");
+            }
+        }
         callback(false, media);
     },
 

lib/media.js

@@ -37,7 +37,8 @@ Media.prototype = {
                 restricted: this.meta.restricted,
                 codec: this.meta.codec,
                 bitrate: this.meta.bitrate,
-                scuri: this.meta.scuri
+                scuri: this.meta.scuri,
+                embed: this.meta.embed
             }
         };
     },