New: <<Video ..., auto=true>> plays clips inline on a loop (GIF sty…

…le). - Using the `="true"` work-around as in gollum#430. - The change in `sanitization.rb` further addresses gollum/gollum#1587 by allowing more of the standard video properties. - Also featured: less escaping, capitalisation fix.
aljungberg · Feb 9, 2023 · cd67642 · cd67642
1 parent 47c155b
commit cd67642
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/lib/gollum-lib/macro/video.rb b/lib/gollum-lib/macro/video.rb
@@ -1,8 +1,10 @@
 module Gollum
   class Macro
     class Video < Gollum::Macro
-      def render (fname)
-        "<video width=\"100%\" height=\"100%\" src=\"#{CGI::escapeHTML(fname)}\" controls=\"true\"> HTML5 video is not supported on this Browser.</video>"
+      def render(fname, auto=false)
+        escaped_fname = CGI.escapeHTML(fname)
+        properties = auto ? "autoplay='true' playsinline='true' muted='true' loop='true'" : "controls='true'"
+        "<video width='100%' height='100%' src='#{escaped_fname}' #{properties}>HTML5 video is not supported on this browser.</video>"
       end
     end
   end

diff --git a/lib/gollum-lib/sanitization.rb b/lib/gollum-lib/sanitization.rb
@@ -1,5 +1,5 @@
 ::Loofah::HTML5::SafeList::ACCEPTABLE_PROTOCOLS.add('apt')
-::Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES.add('controls')
+::Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES.merge(%w[controls loop muted playsinline autoplay])
 
 module Gollum
   class Sanitization