jacktuck / unfurl

Metadata scraper with support for oEmbed, Twitter Cards and Open Graph Protocol for Node.js :zap:
MIT License
474 stars 51 forks

fix(): Added support for CDATA escaped html fields on xml oembed #96

Closed adrian-seijo closed 1 year ago

adrian-seijo commented 1 year ago

While doing some tests with unfurl I stumbled upon Soundcloud's XML implementation, which was only partially working.

Looking at their XML it seems that they are escaping their html node with CDATA which is not unreasonable to be fair:

<oembed>
  <version type="float">1.0</version>
  <type>rich</type>
  <provider-name>SoundCloud</provider-name>
  <provider-url>https://soundcloud.com</provider-url>
  <height type="integer">400</height>
  <width>100%</width>
  <title>Bugle 179 - Playas gon play by The Bugle</title>
  <description>This week - oh PIPA, Republican't candidates and Craptain Italia. Remember to #savethebugle at http://www.thebuglepodcast.com</description>
  <thumbnail-url>https://i1.sndcdn.com/artworks-000017079411-pgm0ii-t500x500.jpg</thumbnail-url>
  <html><![CDATA[<iframe width="100%" height="400" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?visual=true&url=https%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F34019569&show_artwork=true"></iframe>]]></html>
  <author-name>The Bugle</author-name>
  <author-url>https://soundcloud.com/the-bugle</author-url>
</oembed>

Now unfurl's use of htmlparser assumes that any content in the html block will show up as a new tag, but that is not the case here; it will show up as text.

So what I have done is to naively check for the tagname while we read text and assume that if we have any text on an html tag it will be for something like this. In that scenario I have, again very naively, escaped that &lt; and &gt; and the CDATA and pushed that string into the content.html.

I have added a new test to cover this, including the example from Soundcloud, and everything seems fine. There is certainly room for improvement; that sanitisation of the CDATA is not the best, but it does the job for the type of content that we will usually get in that field.
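
The two encodings a provider can use for the `html` field (a CDATA section, as in the SoundCloud response above, or entity-escaped text) read back to the same markup. This is an added example, not code from this PR or from unfurl; `readOembedField`, `decodeEntities`, `escapeXml` and the sample strings are hypothetical, and the scanner is a minimal stand-in for a real XML parser.

```javascript
// Added example, not unfurl's code. Sample input is constructed from the
// SoundCloud response quoted in the thread, trimmed to two fields.
const XML_ENTITIES = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);

// Decode the five predefined XML entities and numeric character references.
function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-fA-F]+|#\d+|[a-z]+);/g, (match, ref) => {
    if (ref[0] !== '#') return XML_ENTITIES.get(ref) ?? match;
    const code = ref[1] === 'x' ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Return the text of the first <name> element, or null if it is missing,
// malformed, or contains child elements.
function readOembedField(xml, name) {
  const open = new RegExp(`<${name}(\\s[^>]*)?>`).exec(xml);
  if (!open) return null;
  const close = `</${name}>`;
  let pos = open.index + open[0].length;
  let out = '';
  while (pos < xml.length) {
    if (xml.startsWith('<![CDATA[', pos)) {
      const end = xml.indexOf(']]>', pos);
      if (end === -1) return null;        // unterminated CDATA section
      out += xml.slice(pos + 9, end);     // CDATA content is taken literally
      pos = end + 3;
    } else if (xml.startsWith(close, pos)) {
      return out;
    } else if (xml[pos] === '<') {
      return null;                        // child element: not a text field
    } else {
      const next = xml.indexOf('<', pos);
      if (next === -1) return null;       // closing tag never arrives
      out += decodeEntities(xml.slice(pos, next)); // plain text is entity-decoded
      pos = next;
    }
  }
  return null;
}

const IFRAME = '<iframe width="100%" height="400" src="https://w.soundcloud.com/player/?visual=true&url=https%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F34019569"></iframe>';
const escapeXml = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
const cdataForm = `<oembed><type>rich</type><html><![CDATA[${IFRAME}]]></html></oembed>`;
const escapedForm = `<oembed><type>rich</type><html>${escapeXml(IFRAME)}</html></oembed>`;

console.log(readOembedField(cdataForm, 'html') === readOembedField(escapedForm, 'html'));
```

Either way the result is provider-controlled markup, so a consumer that renders it should sanitise it or check the iframe origin first.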

jacktuck commented 1 year ago

Thanks for raising this. The proposed solution does worry me a bit. I have something that should (hopefully) be more robust and will raise a separate PR for you to check out.

jacktuck commented 1 year ago

see #98