Commit graph

5 commits

Author SHA1 Message Date
Joe Mooring
d0788b96ae tpl/tplimpl: Update embedded instagram, twitter, and vimeo shortcodes
- Replace data.GetJSON calls with resources.GetRemote
- Remove usage of Facebook’s oEmbed Read feature

Fixes #11971
2024-02-02 08:01:45 +01:00
Josh Gerdes
edc5c4741c tpl: Add Do Not Track (dnt) option to Vimeo shortcode
Added a Vimeo EnableDNT privacy option to the Hugo config. This will enable the Vimeo 'Do Not Track' flag when either Vimeo shortcode tempalte options are used. When enabled, it will force the Vimeo player to be blocked from tracking any session data, including all cookies and stats.

Fixes #7700
2020-10-02 23:02:38 +02:00
XhmikosR
34dc06b032 tpl: Add rel="noopener" for external links
This could be a security and performance issue.

See https://developers.google.com/web/tools/lighthouse/audits/noopener
2019-09-21 10:08:47 +02:00
Rodolfo Carvalho
e22b3f54c3 tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes #5236 (no need to change Go upstream)
Related to #5246
2019-05-17 16:00:54 +02:00
Alexandros
8de5324479 Add vimeo_simple
Fixes #4749
2018-05-30 00:48:36 +02:00