feat(application_html_formatters_helper): whitelist only YouTube URLs

We do this because from the business logic point-of-view, Coursemology
only supports YouTube. The New Video form's placeholder specifies that,
and the production database only has YouTube URLs.

Author: purfectliterature

app/helpers/application_html_formatters_helper.rb

@@ -86,13 +86,7 @@ def self.build_html_pipeline(custom_options)
   # List of video hosting site URLs to allow
   VIDEO_URL_WHITELIST = Regexp.union(
     /\A(?:https?:)?\/\/(?:www\.)?(?:m.)?youtube\.com\//,
-    /\A(?:https?:)?\/\/(?:www\.)?youtu.be\//,
-    /\A(?:https?:)?\/\/(?:www\.)?(?:player.)?vimeo\.com\//,
-    /\A(?:https?:)?\/\/(?:www\.)?vine\.co\//,
-    /\A(?:https?:)?\/\/(?:www\.)?instagram\.com\//,
-    /\A(?:https?:)?\/\/(?:www\.)?(?:geo.)?dailymotion\.com\//,
-    /\A(?:https?:)?\/\/(?:www\.)?dai\.ly\//,
-    /\A(?:https?:)?\/\/(?:www\.)?youku\.com\//
+    /\A(?:https?:)?\/\/(?:www\.)?youtu.be\//
   ).freeze
 
   OEMBED_WHITELIST_TRANSFORMER = lambda do |env|

spec/helpers/application_formatters_helper_spec.rb

@@ -94,11 +94,6 @@ def hello:
         it 'does not remove embedded content from allowed sources' do
           html = <<-HTML
             <iframe src="//youtube.com/video1"></iframe>
-            <iframe src="//instagram.com/video2"></iframe>
-            <iframe src="//vimeo.com/video3"></iframe>
-            <iframe src="//vine.co/video4"></iframe>
-            <iframe src="//dailymotion.com/video5"></iframe>
-            <iframe src="//youku.com/video6"></iframe>
           HTML
           expect(helper.format_html(html)).to eq(html)
         end
@@ -111,6 +106,11 @@ def hello:
             <iframe src="//vine.com"></iframe>
             <iframe src="//dailymotion.co"></iframe>
             <iframe src="//vimeo.org"></iframe>
+            <iframe src="//instagram.com/video2"></iframe>
+            <iframe src="//vimeo.com/video3"></iframe>
+            <iframe src="//vine.co/video4"></iframe>
+            <iframe src="//dailymotion.com/video5"></iframe>
+            <iframe src="//youku.com/video6"></iframe>
           HTML
           expect(helper.format_html(html)).not_to include('iframe')
         end
@@ -141,7 +141,7 @@ def hello:
           expect(result.scan('src="https://www.youtube.com/embed/jNQXAC9IVRw').size).to eq(embed_count)
         end
 
-        it 'transforms embedded content from dailymotion' do
+        xit 'transforms embedded content from dailymotion' do
           html = <<-HTML
             <oembed url="https://www.dailymotion.com/video/x3k7o56"></oembed>
             <oembed url="https://dailymotion.com/video/x3k7o56"></oembed>
@@ -158,7 +158,7 @@ def hello:
           expect(result.scan('src="https://geo.dailymotion.com/player.html?video=x3k7o56').size).to eq(embed_count)
         end
 
-        it 'transforms embedded content from vimeo' do
+        xit 'transforms embedded content from vimeo' do
           html = <<-HTML
             <oembed url="https://vimeo.com/channels/staffpicks/852794606"></oembed>
             <oembed url="https://vimeo.com/852794606"></oembed>