From 03a6e391f6649dc9085c383497c2433f9328659e Mon Sep 17 00:00:00 2001
From: Colin Arnott <arnottcr@gmail.com>
Date: Sat, 26 Sep 2015 05:06:11 +0000
Subject: [PATCH 1/4] added plugin support for giphy gifs as embedded content
 and created testcases

---
 js/plugins.js        | 21 ++++++++++++++++++++-
 test/unit/plugins.js |  9 +++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/js/plugins.js b/js/plugins.js
index 8a84758..15657d2 100644
--- a/js/plugins.js
+++ b/js/plugins.js
@@ -353,6 +353,25 @@ plugins.factory('userPlugins', function() {
         }
     });
 
+ /* match giphy links and display the assocaited gif images
+  * sample input:  http://giphy.com/gifs/eyes-shocked-bird-feqkVgjJpYtjy
+  * sample output: https://media.giphy.com/media/feqkVgjJpYtjy/giphy.gif
+  */
+    var giphyPlugin = new UrlPlugin('Giphy', function(url) {
+        var regex = /^https?:\/\/giphy.com\/gifs\/.*-.*\/?/i;
+        if (url.match(regex)) {
+            /* if the url does not contain a trailing slash, add it */
+            if (! url.match(/\/$/i)) { url = url + "/"; }
+            /* upgrade any http links to tls, yeah crypto */
+            if (url.match(/^http:/i)) { url.replace(/http:/, "https:"); }
+            /* change the url to refrence the giphy cdn url, not the userfacing webserver */
+            url = url.replace(/\/giphy.com\//i,"/media.giphy.com/");
+            url = url.replace(/\/gifs\/.*-/i,"/media/");
+            url = url + "giphy.gif";
+            return '<a target="_blank" href="'+url+'"><img class="embed" src="' + url + '"></a>';
+        }
+    });
+
     var tweetPlugin = new UrlPlugin('Tweet', function(url) {
         var regexp = /^https?:\/\/twitter\.com\/(?:#!\/)?(\w+)\/status(?:es)?\/(\d+)/i;
         var match = url.match(regexp);
@@ -391,7 +410,7 @@ plugins.factory('userPlugins', function() {
     });
 
     return {
-        plugins: [youtubePlugin, dailymotionPlugin, allocinePlugin, imagePlugin, videoPlugin, spotifyPlugin, cloudmusicPlugin, googlemapPlugin, asciinemaPlugin, yrPlugin, gistPlugin, tweetPlugin, vinePlugin]
+        plugins: [youtubePlugin, dailymotionPlugin, allocinePlugin, imagePlugin, videoPlugin, spotifyPlugin, cloudmusicPlugin, googlemapPlugin, asciinemaPlugin, yrPlugin, gistPlugin, giphyPlugin, tweetPlugin, vinePlugin]
     };
 
 
diff --git a/test/unit/plugins.js b/test/unit/plugins.js
index e179c0a..34be685 100644
--- a/test/unit/plugins.js
+++ b/test/unit/plugins.js
@@ -139,6 +139,15 @@ describe('filter', function() {
             plugins);
         }));
 
+        it('should recognize giphy gifs', inject(function(plugins) {
+            expectTheseMessagesToContain([
+                'https://giphy.com/gifs/eyes-shocked-bird-feqkVgjJpYtjy/',
+                'http://giphy.com/gifs/funny-cat-FiGiRei2ICzzG',
+            ],
+            'Giphy',
+            plugins);
+        }));
+
         it('should recognize tweets', inject(function(plugins) {
             expectTheseMessagesToContain([
                 'https://twitter.com/DFB_Team_EN/statuses/488436782959448065',

From 875001f1b2987ec50c5008cc9ff902ab37932a23 Mon Sep 17 00:00:00 2001
From: Colin Arnott <arnottcr@gmail.com>
Date: Sat, 26 Sep 2015 22:40:30 +0000
Subject: [PATCH 2/4] simplify regex matching and increase readability of the
 giphy plugin and have plugin link to original userfacing url, not cdn image
 file

---
 js/plugins.js | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/js/plugins.js b/js/plugins.js
index 15657d2..59f5e97 100644
--- a/js/plugins.js
+++ b/js/plugins.js
@@ -358,17 +358,14 @@ plugins.factory('userPlugins', function() {
   * sample output: https://media.giphy.com/media/feqkVgjJpYtjy/giphy.gif
   */
     var giphyPlugin = new UrlPlugin('Giphy', function(url) {
-        var regex = /^https?:\/\/giphy.com\/gifs\/.*-.*\/?/i;
-        if (url.match(regex)) {
-            /* if the url does not contain a trailing slash, add it */
-            if (! url.match(/\/$/i)) { url = url + "/"; }
-            /* upgrade any http links to tls, yeah crypto */
-            if (url.match(/^http:/i)) { url.replace(/http:/, "https:"); }
-            /* change the url to refrence the giphy cdn url, not the userfacing webserver */
-            url = url.replace(/\/giphy.com\//i,"/media.giphy.com/");
-            url = url.replace(/\/gifs\/.*-/i,"/media/");
-            url = url + "giphy.gif";
-            return '<a target="_blank" href="'+url+'"><img class="embed" src="' + url + '"></a>';
+        var regex = /^https?:\/\/giphy.com\/gifs\/.*-(.*)\/?/i;
+        // on match, id will contain the entire url in [0] and the giphy id in [1]
+        var id = url.match(regex);
+        if (id) {
+            var src = "https://media.giphy.com/media/" + id[1] + "/giphy.gif";
+            /* upgrade any http url to tls, yeah crypto */
+            if (url.match(/^http:/i)) { url.replace(/^http:/, "https:"); }
+            return '<a target="_blank" href="'+url+'"><img class="embed" src="' + src + '"></a>';
         }
     });
 

From 2f8ab9dbf32540c054083c6a8db76426fdfcae49 Mon Sep 17 00:00:00 2001
From: Colin Arnott <arnottcr@gmail.com>
Date: Mon, 28 Sep 2015 17:35:28 +0000
Subject: [PATCH 3/4] roll back tls upgrade for giphy plugin link, as it
 conflicts with printed link

---
 js/plugins.js | 2 --
 1 file changed, 2 deletions(-)

diff --git a/js/plugins.js b/js/plugins.js
index 59f5e97..18aa5de 100644
--- a/js/plugins.js
+++ b/js/plugins.js
@@ -363,8 +363,6 @@ plugins.factory('userPlugins', function() {
         var id = url.match(regex);
         if (id) {
             var src = "https://media.giphy.com/media/" + id[1] + "/giphy.gif";
-            /* upgrade any http url to tls, yeah crypto */
-            if (url.match(/^http:/i)) { url.replace(/^http:/, "https:"); }
             return '<a target="_blank" href="'+url+'"><img class="embed" src="' + src + '"></a>';
         }
     });

From 0afa7bc1843eda185425fe2f91409cc9144abcf2 Mon Sep 17 00:00:00 2001
From: David Cormier <david.cormier@erudit.org>
Date: Fri, 16 Oct 2015 15:13:53 -0400
Subject: [PATCH 4/4] plugins: sanitize user input before passing it to plugins

---
 js/plugins.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/js/plugins.js b/js/plugins.js
index 18aa5de..6717fe2 100644
--- a/js/plugins.js
+++ b/js/plugins.js
@@ -57,7 +57,7 @@ var UrlPlugin = function(name, urlCallback) {
  * to display when messages are received.
  *
  */
-plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
+    plugins.service('plugins', ['userPlugins', '$sce', '$sanitize', function(userPlugins, $sce, $sanitize) {
 
     /*
      * Defines the plugin manager object
@@ -85,7 +85,7 @@ plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
          */
         var contentForMessage = function(message) {
             message.metadata = [];
-
+            message.text = $sanitize(message.text);
             var addPluginContent = function(content, pluginName, num) {
                 if (num) {
                     pluginName += " " + num;
@@ -110,7 +110,9 @@ plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
                     nsfw = true;
                 }
 
-                var pluginContent = plugins[i].contentForMessage(message.text);
+                var pluginContent = plugins[i].contentForMessage(
+                    message.text
+                );
                 if (pluginContent && pluginContent !== []) {
 
                     if (pluginContent instanceof Array) {