Merge pull request #933 from omnivore-app/fix/footnote-not-saved
fix/footnote not saved
@ -178,7 +178,7 @@ Readability.prototype = {
|
||||
},
|
||||
|
||||
positive: /article|body|content|entry|hentry|h-entry|main|page|pagination|post|text|blog|story|tweet(-\w+)?|instagram|image|container-banners/i,
|
||||
negative: /\bad\b|hidden|^hid$| hid$| hid |^hid |banner|combx|comment|com-|contact|foot|footer|footnote|gdpr|masthead|media|meta|outbrain|promo|related|scroll|share|shoutbox|sidebar|skyscraper|sponsor|shopping|tags|tool|widget|controls|video-controls/i,
|
||||
negative: /\bad\b|hidden|^hid$| hid$| hid |^hid |banner|combx|comment|com-|contact|footer|gdpr|masthead|media|meta|outbrain|promo|related|scroll|share|shoutbox|sidebar|skyscraper|sponsor|shopping|tags|tool|widget|controls|video-controls/i,
|
||||
extraneous: /print|archive|comment|discuss|e[\-]?mail|share|reply|all|login|sign|single|utility/i,
|
||||
byline: /byline|author|dateline|writtenby|p-author/i,
|
||||
publishedDate: /published|modified|created|updated/i,
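Review bot: Dropping `foot|` together with `footnote|` from the `negative` pattern un-penalizes more than footnotes: class/id values such as `foot`, `page-foot` or `foot-nav` now score neutrally, while only `footer` keeps its penalty. If the intent is solely to stop footnote containers from being stripped, keeping the broader match and excluding the one term preserves the previous scoring elsewhere, e.g. `foot(?!note)|` in place of `footer|`, which still matches `footer` and `page-foot` but not `footnote` or `footnotes`. The enclosing object literal (`Readability.prototype`) starts and ends outside this hunk.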
|
||||
@ -2879,7 +2879,6 @@ Readability.prototype = {
|
||||
* 4. Replace the current DOM tree with the new one.
|
||||
* 5. Read peacefully.
|
||||
*
|
||||
* @return void
|
||||
**/
|
||||
parse: async function() {
|
||||
// Avoid parsing too large documents, as per configuration option
|
||||
|
||||
@ -6,7 +6,6 @@ var prettyPrint = require("./utils").prettyPrint;
|
||||
var htmltidy = require("htmltidy2").tidy;
|
||||
|
||||
var { Readability, isProbablyReaderable } = require("../index");
|
||||
var JSDOMParser = require("../JSDOMParser");
|
||||
const { generate: generateRandomUA } = require("modern-random-ua/random_ua");
|
||||
const puppeteer = require('puppeteer');
|
||||
const { parseHTML } = require("linkedom");
|
||||
@ -226,12 +225,12 @@ async function runReadability(source, destPath, metadataDestPath) {
|
||||
var uri = "http://fakehost/test/page.html";
|
||||
var myReader, result, readerable;
|
||||
try {
|
||||
// Use jsdom for isProbablyReaderable because it supports querySelectorAll
|
||||
var jsdom = parseHTML(source).document;
|
||||
readerable = isProbablyReaderable(jsdom);
|
||||
// Use linkedom for isProbablyReaderable because it supports querySelectorAll
|
||||
var dom = parseHTML(source).document;
|
||||
readerable = isProbablyReaderable(dom);
|
||||
// We pass `caption` as a class to check that passing in extra classes works,
|
||||
// given that it appears in some of the test documents.
|
||||
myReader = new Readability(jsdom, { classesToPreserve: ["caption"], url: uri });
|
||||
myReader = new Readability(dom, { classesToPreserve: ["caption"], url: uri });
|
||||
result = await myReader.parse();
|
||||
} catch (ex) {
|
||||
console.error(ex);
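Review bot: The renamed `dom` is passed first to `isProbablyReaderable` and then to `new Readability(dom, …)`, whose `parse()` replaces the document tree in place (per the parse() doc comment in the Readability.js hunk above), so the readerability check only sees the untouched document because it happens to run first; a comment would keep that ordering from being broken by a later edit, e.g. `// Must run before parse(): Readability mutates the document in place.` above the `readerable =` line. The `catch` only logs and lets `result` stay undefined for the code that follows, which is pre-existing rather than introduced here. `runReadability` begins and ends outside this hunk.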
|
||||
@ -274,7 +273,7 @@ if (process.argv.length < 3) {
|
||||
if (process.argv[2] === "all") {
|
||||
fs.readdir(testcaseRoot, function (err, files) {
|
||||
if (err) {
|
||||
console.error("error reading testcaseses");
|
||||
console.error("error reading testcases");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ var BASETESTCASE = '<html><body><p>Some text and <a class="someclass" href="#">a
|
||||
|
||||
var baseDoc = new JSDOMParser().parse(BASETESTCASE, "http://fakehost/");
|
||||
|
||||
describe("Test JSDOM functionality", function() {
|
||||
describe("Test linkedom functionality", function() {
|
||||
function nodeExpect(actual, expected) {
|
||||
try {
|
||||
expect(actual).eql(expected);
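Review bot: The `describe` label now says linkedom, but the fixture two lines above it is still built with `new JSDOMParser().parse(BASETESTCASE, …)`, so the label no longer describes what the block exercises unless the parser under test is also swapped further down, outside this hunk. Either keep the original label or build the fixture the way the generator script now does, `parseHTML(BASETESTCASE).document`, whichever matches the rest of the file. The `describe` body continues past the end of this hunk.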
|
||||
@ -0,0 +1,12 @@
|
||||
{
|
||||
"title": "No really, why can't we have raw UDP in JavaScript?",
|
||||
"byline": "Casey Muratori",
|
||||
"dir": null,
|
||||
"excerpt": "In my opinion, the pat answers about security are incomplete. I'd like to see a detailed writeup of specifically why a raw UDP API cannot be made as secure as current HTTPS.",
|
||||
"siteName": "Computer, Enhance!",
|
||||
"siteIcon": "https://substackcdn.com/icons/substack/favicon.ico",
|
||||
"previewImage": "https://substackcdn.com/image/fetch/w_1200,h_600,c_limit,f_jpg,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg",
|
||||
"publishedDate": "2022-07-05T02:58:16.000Z",
|
||||
"language": "English",
|
||||
"readerable": true
|
||||
}
|
||||
@ -0,0 +1,173 @@
|
||||
<DIV class="page" id="readability-page-1">
|
||||
<article>
|
||||
<div>
|
||||
<h3> In my opinion, the pat answers about security are incomplete. I'd like to see a detailed writeup of specifically why a raw UDP API cannot be made as secure as current HTTPS. </h3>
|
||||
</div>
|
||||
<div dir="auto">
|
||||
<div>
|
||||
<figure>
|
||||
<a target="_blank" rel="nofollow" href="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg">
|
||||
<picture>
|
||||
<source type="image/webp" srcset="https://substackcdn.com/image/fetch/w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 424w, https://substackcdn.com/image/fetch/w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 848w, https://substackcdn.com/image/fetch/w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 1272w, https://substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg" width="1456" height="971" data-attrs="{"src":"https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg","fullscreen":null,"imageSize":null,"height":971,"width":1456,"resizeWidth":null,"bytes":7578043,"alt":"A sculpture of a cartoon character stuck in a pipe.","title":null,"type":"image/jpeg","href":null,"belowTheFold":false}" alt="A sculpture of a cartoon character stuck in a pipe." title="A sculpture of a cartoon character stuck in a pipe." 
srcset="https://substackcdn.com/image/fetch/w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 424w, https://substackcdn.com/image/fetch/w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 848w, https://substackcdn.com/image/fetch/w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 1272w, https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F43e258db-6164-4e47-835f-d11f10847d9d_5616x3744.jpeg 1456w" sizes="100vw">
|
||||
</picture>
|
||||
</a>
|
||||
</figure>
|
||||
</div>
|
||||
<p>
|
||||
<span>By now I</span> <a href="https://twitter.com/cmuratori/status/1543874684868931584" rel="">should know better</a> <span>than to ask on Twitter for a “rigorous analysis” of anything. As George W. Bush said, “Fool me once, shame on you…</span> <a href="https://www.youtube.com/watch?v=ntwdH3Q54ZY" rel="">fool me can’t fooled again</a><span>.”</span>
|
||||
</p>
|
||||
<p> I don’t want to be “fool me can’t get fooled again”, so I officially give up on technical tweets. Today’s the last day I will ever post anything technical on Twitter, I promise. Instead, you will be forced to endure yet another Substack, so I can post 3,000-word posts that no one will read. </p>
|
||||
<p> Here we go: </p>
|
||||
<p> The goal with raw UDP is very simple: better performance and security on the server side. </p>
|
||||
<p>
|
||||
<span>HTTPS is an unbaked sausage made by grinding pure text HTTP with TLS and encasing the result in an arbitrary selection of third-party animal intestine… err, I mean, “highly secure” certificates provided by arbitrarily selected certificate providers. Implementing HTTPS is a massive amount of code that is inexorably slow. It is not only theoretically difficult to secure completely, but is</span> <a href="https://www.openssl.org/news/vulnerabilities.html" rel="">insecure in practice</a> <span>in popular implementations available to the public.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>Oh, and the certificate authorities are also insecure, by the way - but that’s</span> <a href="https://en.wikipedia.org/wiki/DigiNotar" rel="">another story</a> <span>(and</span> <a href="https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/" rel="">another</a><span>, and</span> <a href="https://www.computerworld.com/article/2507090/firm-points-finger-at-iran-for-ssl-certificate-theft.html" rel="">another</a><span>, and</span> <a href="https://sslmate.com/resources/certificate_authority_failures" rel="">…</a><span>)</span>
|
||||
</p>
|
||||
<p> It also relied (up until recently) on TCP, which, unless you plan to write a completely custom network stack for every type of server/NIC you ever use, requires the underlying kernel to understand and track network connections. This means that you inherit substantial overhead, and perhaps vulnerabilities as well, from the TCP/IP substrate before you even begin to write your server code. </p>
|
||||
<p> If you were a large company with significant academic and engineering resources, you might instead want to design your own private secure protocol that: </p>
|
||||
<ol>
|
||||
<li>
|
||||
<p> Uses encryption you control, so it cannot be bypassed by hacking the certificate authority, </p>
|
||||
</li>
|
||||
<li>
|
||||
<p> Uses UDP to avoid having OS connection state on the server side, and </p>
|
||||
</li>
|
||||
<li>
|
||||
<p> Uses a well-designed, known packet structure to improve throughput and reduce security vulnerabilities from HTTP/TLS parsing. </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p>
|
||||
<span>The first thing on that list is half-possible now. Although there’s nothing you can (ever</span><a id="footnote-anchor-1" href="#footnote-1" rel="">1</a><span>) do to avoid man-in-the-middle attacks the very first time someone interacts with your server, web APIs have long made it possible to store data on the client for later use. One use for that data would be storing your own set of public keys.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>So even using nothing newer than XHR and cookies, you could theoretically add your own layer of encryption to anything you send to the server. This would ensure that any subsequent hack of the certificate authority could not inspect or modify your packets. It’d be much less efficient than rolling your own top-to-bottom, because now you pay the entire cost for your encryption</span> <em>and</em> <span>TLS. But you</span> <em>can</em> <span>do it.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>It’s slow, but possible. Call it</span> <em>half-possible</em><span>, like I did above.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>The second thing on the list is sort-of possible now as well. If you can somehow manage to use</span> <a href="https://en.wikipedia.org/wiki/HTTP/3" rel="">HTTP/3</a> <span>exclusively as your target platform, you will still be talking HTTP but you’ll be doing it over UDP instead of TCP, and can manage connection state however you wish without OS intervention.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>It is probably unrealistic to assume that you could do this in practice today. If you didn’t care about broad compatibility, you probably wouldn’t be deploying on the web anyway, so presumably the current adoption of HTTP/3 is insufficient. But at least it</span> <em>exists</em><span>, and perhaps if adoption continues to grow,</span> <em>eventually</em> <span>it will be possible to require HTTP/3 without losing a significant number of users. For now, it’s only something you can do on the side - you still have to have a traditional HTTPS fallback.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>Which brings us to the third item on the list, and the real sticking point. As far as I’m aware, no current or planned future Web API ever lets you do number three. There are many new web “technologies” swarming around the custom packet idea (</span><a href="https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API" rel="">WebRTC</a><span>,</span> <a href="https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API" rel="">WebSockets</a><span>,</span> <a href="https://github.com/w3c/webtransport" rel="">WebTransport</a><span>), but to the best of my knowledge, all of them require an HTTPS connection to be made first, so your “custom packet” servers still need to implement all of HTTPS anyway.</span>
|
||||
</p>
|
||||
<p> I can imagine someone raising the following objection at this point: “If you don’t support HTTPS on the server, how do you serve the WASM/JavaScript/whatever with the custom packet logic in the first place?” </p>
|
||||
<p> That’s a reasonable question. </p>
|
||||
<p> The answer is, the two most logical deployment scenarios I can think of both involve a separate server (or process) for the initial HTTPS transaction. </p>
|
||||
<p> The first is what I imagine would be the most common: you upload to a CDN a traditional web package containing the PWA-style web worker necessary to do your own custom packet logic. The CDN serves this (static) content everywhere for you. They obviously implement HTTPS already, because that’s what they do for a living, and they’re not your servers anyway so you don’t care. </p>
|
||||
<p>
|
||||
<span>The second would be less common, but plausible: you run your own CDN-equivalent, because</span> <a href="https://knowyourmeme.com/memes/chuck-norris-facts" rel="">you’re just that hard core</a><span>. But you expect that your HTTPS code is more vulnerable than your custom code, since HTTPS is vastly more complicated and has ridiculous things in it like arbitrary text parsing, which no one in their right mind would ever put into a “secure” protocol. So you cabin your HTTPS server instances into their own restricted processes or own machines entirely. This prevents exploits of the HTTPS code from affecting anything other than newly connecting users - existing users (who are only talking to your custom servers) remain unharmed.</span>
|
||||
</p>
|
||||
<p> In neither scenario do you actually include HTTPS code in any of the processes running your actual secure server. </p>
|
||||
<p> So that’s the hopefully-at-least-somewhat-convincing explanation of why someone might want raw UDP. Now the question is, can raw UDP be provided by a browser in a way that is “secure”? </p>
|
||||
<p>
|
||||
<span>I’m putting a lot of these words in scare quotes because browsers</span> <em>aren’t</em> <span>secure for any serious definition of that word, and hopefully that is overwhelmingly obvious to everyone who has ever used one. But just to be clear about the landscape, there are two different ways browsers are not secure:</span>
|
||||
</p>
|
||||
<ol>
|
||||
<li>
|
||||
<p>
|
||||
<span>The web as a platform consists of massive, overlapping, poorly-specified APIs that require millions of lines of code to fully implement. As a result, browsers inexorably have</span> <a href="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/" rel="">an effectively infinite number of security exploits</a> <span>waiting to be found.</span>
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p> Browsers include the ability, sans exploit, to transmit information from the client computer to any number of remote servers. Without the ability to control this behavior, the user’s data could be misappropriated. </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p> Clearly, for raw UDP, we only care about the second one of these. The first one happens in browsers all the time already and there’s no reason to suspect that raw UDP would somehow have more implementation code vulnerabilities on average than any other part of the sprawling browser substrate. </p>
|
||||
<p>
|
||||
<span>So the question is, assuming the browser</span> <em>has not</em> <span>been exploited, what is the security standard for web features, and can raw UDP be implemented under that standard or not?</span>
|
||||
</p>
|
||||
<p> As a point of comparison, I will use the example of the current camera/microphone/location policy as it presently exists. That will be our “gold standard”, since if it were not considered “secure” by web implementers, presumably it would not have been knowingly shipped in web browsers everywhere for the past several years. </p>
|
||||
<p> As everyone who uses a web browser knows, a web site at present is allowed to ask you for permission, temporarily or permanently (your choice), to access your camera, microphone, and location data. Once you say “yes” to any one of these things, that site can transmit that data anywhere in the world, and use it for any purpose, trivially. </p>
|
||||
<p> Allow me to provide a worked example. </p>
|
||||
<p>
|
||||
<span>Suppose I partner with Jeffrey Toobin to make a cybersex conduit site for people who, like him, see the value in quickly switching tabs away from your work meetings to get down to some</span> <em>real</em> <span>business. We launch cyberballsdeep.net, and it’s a big success.</span>
|
||||
</p>
|
||||
<p> When a user visits our site, they see at most two security-related things: </p>
|
||||
<ol>
|
||||
<li>
|
||||
<p> An allow/deny request for access to the microphone and camera, and </p>
|
||||
</li>
|
||||
<li>
|
||||
<p> A lock icon indicating that the connection has been signed by a third party warranting that this connection is end-to-end encrypted from the user’s machine to some server somewhere with the secure keys for cyberballsdeep.net. </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p> Assuming you click “allow” - which you have to in order to use the service - the servers at cyberballsdeep.net can now do anything they want with your (very sensitive) video data. They can, for example, record you while you are toobin’ and play it back at any time, anywhere, at their discretion. They could play it on a billboard in Times Square, they could send it to your spouse - anything goes. </p>
|
||||
<p> So the “security standard” that you are getting, in practice, exactly mirrors the two things you saw: </p>
|
||||
<ol>
|
||||
<li>
|
||||
<p> You know your sensitive data will not be captured unless you click “allow”, and </p>
|
||||
</li>
|
||||
<li>
|
||||
<p> You know that nobody will be able to see your sensitive data unless either cyberballsdeep.net or the issuing certificate authority let them (either intentionally, or unintentionally if they’ve been hacked). </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p>
|
||||
<span>That’s it. You don’t know anything else. In practice, you basically have no security guarantees other than a warrant that your sensitive data will go to a particular named party</span> <em>first</em> <span>before it goes somewhere else.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>Hopefully we can all agree that this extremely low bar for security is the only hurdle one should have to clear in order to dismiss concerns of “security” as a reason not to implement a feature in a W3C spec. It’s not much, but it is</span> <em>something</em><span>.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>OK, finally, with all that out of the way, this is what I actually wanted someone to point me to</span> <a href="https://twitter.com/cmuratori/status/1543874684868931584" rel="">when I asked about this on Twitter</a><span>. I just wanted to see that someone, somewhere, had worked out exactly why UDP could not be made to fit the same security model considered acceptable across other basic web features already deployed and considered “secure”.</span>
|
||||
</p>
|
||||
<p> Since nobody sent me such a thing, I am still stuck with my own security modeling, with nothing to compare against. My model goes something like this: </p>
|
||||
<p> Step one - the “allow/deny” step - is easy for raw UDP to provide. The browser is still sitting between the JavaScript/WASM layer and the OS sockets layer, so it can ensure that inbound and outbound packets are filtered any way the browser wishes. </p>
|
||||
<p> This means that it would be trivial for a browser to only allow UDP packets to and from servers that the user has authorized, as it does with microphone, camera, and location data. Any site that wishes to access raw UDP simply provides a hostname to the browser, and the browser asks the user whether they wish to allow the page to communicate with that site. </p>
|
||||
<p> Furthermore, since the browser already allows the page to send as much HTTPS data as it wants back to the originating site, one could optionally allow any site to send UDP packets back to its own (exact) originating IP without asking the user. This is not necessary for raw UDP to work, but I can’t think of any violation of “step one” that would happen as a result, so it could be considered. </p>
|
||||
<p>
|
||||
<span>Note that this is</span> <em>not</em> <span>true for something like camera/microphone/location data. Those are additional data sources to which the page gets access, so if anything, raw UDP permission is</span> <em>less</em> <span>dangerous in terms of user permission, since at no time does the page itself get additional access to the user’s data, regardless of whether they allow UDP communication.</span>
|
||||
</p>
|
||||
<p> Which brings us to step two. </p>
|
||||
<p> As far as I can tell, there’s actually nothing special about step two. The original web page was served by HTTPS, obviously, since that’s the only way the browser supports getting WASM/JavaScript downloaded in the first place. So the originating server and code are already exactly as “secure” as they would be in any other scenario. </p>
|
||||
<p> The user had to affirmatively allow the destination name, so the page can only send UDP to a specifically approved endpoint. </p>
|
||||
<p>
|
||||
<span>So the only question is,</span> <em>can the user be sure that the data sent to that endpoint is encrypted such that only the endpoint or the certificate authority can decrypt it?</em>
|
||||
</p>
|
||||
<p>
|
||||
<span>I can’t know the hivemind of a W3C committee (thank the heavens). But if I had to guess, I would suspect that this is why they didn’t want to allow raw UDP (or raw TCP for that matter). In their mind, it probably seems</span> <em>less secure</em> <span>than HTTPS to allow a web page to implement its own secure UDP protocol.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>However, to my mind, this is based upon a flawed assumption. That assumption is that somehow web implementers</span> <em>can</em> <span>be trusted to deploy their encryption keys securely, but</span> <em>cannot</em> <span>be trusted to deploy their protocol securely.</span>
|
||||
</p>
|
||||
<p> To be more specific, HTTPS can be intercepted trivially if the attacker A) has a machine on the route between the endpoints and B) has access to the server’s keys, or any certificate authority’s signing capability. (A) either happens or it doesn’t - there’s no way to control it - so (B) is really the entire question. </p>
|
||||
<p> So the notion that allowing web pages to use UDP for transmission is less secure than HTTPS seems to me to be predicated on the notion that web developers can be trusted to do something complicated in one place (run a set of servers without leaking keys), but also cannot be trusted to do something complicated in another (download, for example, a JavaScript UDP encryption library and use it). </p>
|
||||
<p> Stated alternately, the hard constraint on the client side that you can’t roll your packet code “for security reasons” is nowhere to be found on the server side. There is no requirement anywhere in W3C or anywhere else that says your web server has to be… well… anything at all, really. You can just go ahead and write your own code from top to bottom. You can even have a dedicated web page on your site that has the entire cryptographic key set for the server posted on it for people to cut-and-paste, so everyone can impersonate your server to anyone, anywhere, at any time. You can leave a thumb drive with your keys at the bar. You can generate your keys with a random seed of 0x000000000000000000. Anything goes. </p>
|
||||
<p>
|
||||
<span>Nobody seems to be panicked about this. Nobody has pushed the policy that the W3C should standardize on a specific web server deployment that you are forced to use, or a set of n of them made by Google/Mozilla/Apple, or what have you. It is just assumed that everyone is allowed to write their own</span> <em>server</em> <span>packet handling, but that no one is allowed to write their own</span> <em>client</em> <span>packet handling.</span>
|
||||
</p>
|
||||
<p> So that’s what I would like explained. Internet, justify this! </p>
|
||||
<p> I have seen people mention (but not support) a claim that raw UDP would cause “denial of service” problems because malicious web pages would send UDP packets to random servers in an attempt to overload them. This claim seems completely baseless to me, because there is no reason why you can’t employ the relevant XHR DDoS restrictions to UDP. If DDoS was the concern, just require that UDP packets be sent exclusively within the same domain as the originating code. </p>
|
||||
<p>
|
||||
<span>Furthermore, you could restrict the port ranges of raw web UDP to some assigned range. A new port range could be explicitly reserved</span> <em>just for raw web UDP</em> <span>if that makes people more comfortable, so it could literally be discarded at the gateway on any network that doesn’t want to support raw UDP for web, making it easier to deal with than UDP attacks from native code and viruses which can choose their ports at will.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>At that point, I fail to see how raw UDP from the browser could be significantly more dangerous than XHR, unless I am missing some particularly clever use of UDP. And again,</span> <em>that’s why I asked for writeups in my original tweet</em><span>. I’m totally willing to believe I’m missing something, but I want to see a complete technical explanation about what it is.</span>
|
||||
</p>
|
||||
<p>
|
||||
<span>Now, none of this is the same as saying I can’t see how you would perform DDoS attacks with raw UDP. I certainly can. I just can’t see how you would perform them</span> <em>more easily than with XHR,</em> <span>which obviously is considered “secure”</span><em>.</em>
|
||||
</p>
|
||||
<p> As a simple example, suppose a commercial CDN distributes the payload of ddosfuntimes.com. On the main page, there’s an XHR to target.ddosfuntimes.com. Even though the CDN is a completely different set of IP addresses as target.ddosfuntimes.com, this is completely legal under XHR policy. </p>
|
||||
<p> The owners of ddosfuntimes.com can go ahead and set the IP address in their DNS records to point target.ddosfuntimes.com at any server they want, and they will receive all the XHR traffic from every browser that visits the page. And to the best of my knowledge, there isn’t a damn thing the target can do about that. </p>
|
||||
<p> So unless I’m missing something, XHR already allows you to target any website you wish with unwanted traffic from anyone who visits your site. So why the concern about UDP? </p>
|
||||
<div id="footnote-1">
|
||||
<p><a href="#footnote-anchor-1" contenteditable="false" rel="">1</a></p>
|
||||
<div>
|
||||
<p>
|
||||
<span>This is way off topic, but in case it struck people as odd: all secure systems have a root trust problem. At some point you have to get</span> <em>something</em> <span>from</span> <em>somebody</em> <span>that you will just blindly trust. This is the root of the chain of trust, and unfortunately, there’s really nothing you can do to make it secure. You just have to hope that this initial exchange is trusted.</span>
|
||||
</p>
|
||||
<p> So in the case of web browsers, you have to keep in mind that HTTPS doesn’t actually guarantee you anything beyond a chain of trust. You are implicitly trusting that a) nobody messed with the browser when you downloaded it, b) none of the certificate authorities trusted by that browser download have been compromised, c) the certificate for signing browser root certificate updates hasn’t itself been compromised. </p>
|
||||
<p> Etc., etc. </p>
|
||||
<p>
|
||||
<span>So in general, when we talk about adding security to a protocol, we can only talk about securing it</span> <em>up to a point</em><span>. No matter what we do, there will never be a way for it to be</span> <em>completely</em> <span>secure, because the chain of trust is not infinite, and any of its endpoints (in this case, the browser itself or any certificate authority) can lie to you for as long as it takes for a security firm to catch them doing it.</span>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</article>
|
||||
</DIV>
|
||||
@ -0,0 +1 @@
|
||||
https://www.computerenhance.com/p/no-really-why-cant-we-have-raw-udp
|
||||
@ -4,7 +4,9 @@
|
||||
"dir": null,
|
||||
"excerpt": "Centralized campaigns of inspiration; Proust; rejecting complacency and decadence; the pandemic in Beijing; brown sauce; riding a bike; rejuvenation.",
|
||||
"siteName": "Dan Wang",
|
||||
"siteIcon": "https://danwang.co/wp-content/uploads/2014/09/dan-wang-shopify12.png",
|
||||
"previewImage": "https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?fit=700%2C1044&ssl=1",
|
||||
"publishedDate": "2021-01-01T15:44:10.000Z",
|
||||
"language": "English",
|
||||
"readerable": true
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
<div id="readability-page-1" class="page">
|
||||
<DIV class="page" id="readability-page-1">
|
||||
<div id="page" role="main">
|
||||
<article id="post-1569">
|
||||
<!-- .entry-header -->
|
||||
@ -22,7 +22,7 @@
|
||||
<p> When it’s not being vague, the party can be trying to have things both ways. Xi declared at the third plenum in 2013 that market forces would have a “decisive” role in allocating resources, while at the same time the state sector would have a “leading” role. It’s not unusual to see a great deal of semantic acrobatics. Deng declared that socialism means the capacity to concentrate resources to accomplish great tasks; under that definition, the Apollo and Manhattan projects were socialism. In July, Xi reminded us that “socialism with Chinese characteristics has many distinctive features, but its most essential is leadership by the Chinese Communist Party.” </p>
|
||||
<p>In other words, socialism with Chinese characteristics means the party is never wrong. Either the market or the state sector can be more important at any moment: it is the party’s pleasure to decide. </p>
|
||||
<p> Centralized campaigns of inspiration, which usually manifests through fixing slogans, is a distinctive feature of the Chinese political system. In the US, political candidates trot out slogans when they run for election; in China, one is never far from the next big named initiative. At its best, defining major goals is the essence of political leadership, and nowhere is this principle better illustrated than Apollo. John F. Kennedy announced the target in 1961: land a man on the moon and return him safely to earth before the decade was out. By fixing this clear goal, </p>
|
||||
<p>as well as committing the necessary spending, he accelerated the creation, development, and deployment of technologies that made the lunar landings possible. </p>
|
||||
<p>as well as committing the necessary spending, he accelerated the creation, development, and deployment of technologies that made the lunar landings possible.</p>
|
||||
<p> Xi grasps this idea of leadership. In his tenure, he has unleashed a torrent of new initiatives. In my view, he feels that the practice of governing China under socialism cannot be an exercise in sustained mendacity. The political system can no longer continue to be an unstable structure based on ad hoc compromises; instead it must have a clear organizational structure, with the party at the top. And the ruling party needs to have the political consciousness of an effective governing force. </p>
|
||||
<p> Consider two of his most important initiatives: the campaign against corruption and the move toward law-based governance. Xi has decided that corruption is not a mystery to be endured, but a problem to be solved. A few years past the peak of the crackdown, it’s fair to say that the campaign hasn’t solely been effective in removing his adversaries, but has also been broad enough to restore some degree of public confidence in government. A few commentators contend that removal of opportunities for graft have prompted talented people to leave government. But the flip side of that coin has been the improvement in morale among the civil servants who found corruption among colleagues to be intolerable, and can finally see themselves doing public work well. </p>
|
||||
<p> And for years, Xi has emphasized following clear rules of written procedure, under the rubric of “law-based governance.” </p>
|
||||
@ -40,11 +40,11 @@
|
||||
<p> Given the importance of the slogan, it’s worthwhile to try to come to terms with the fondness and reverence his generation has for the party’s early days. Many of the people tormented by the party center, including Deng and Xi’s father, have ended up being fiercely loyal to the party. </p>
|
||||
<p>That shows not just that human nature is complex, but also that the revolutionary heritage of the party instills pride. The CCP started out as a combat party constantly at the mercy of forces grander than itself, achieving its goals after an unusually long struggle that repeatedly brought it to the brink of death. Daniel Koss reminds us that the longer that revolutionary parties have to struggle before consolidating power, the more stronger their ideological commitments and the greater their governance durability tend to be. </p>
|
||||
<p> Xi is keen to reflect upon the regime’s history. He has decided that the party must believe in itself, and that it is correct to do so: “If our Party members and officials are firm in their ideals and convictions and maintain high morale in their activities and initiatives, and if our people are high-spirited and determined, then we will surely create many miracles.” </p>
|
||||
<p>Furthermore, he has stated: “The prospects are bright but the challenges are severe. All comrades must aim high and look far, be alert to dangers even in times of calm, have the courage to pursue reform and break new ground, and never become hardened to change.” </p>
|
||||
<p>Furthermore, he has stated: “The prospects are bright but the challenges are severe. All comrades must aim high and look far, be alert to dangers even in times of calm, have the courage to pursue reform and break new ground, and never become hardened to change.”</p>
|
||||
<p> Thus I’ve arrived at the idea that a commitment to centralized campaigns of inspiration, represented by the tendency to fix clear goals, is the booster stage required to leave the gravitational pull of decadence and complacency. Ross Douthat laments that “a consistent ineffectuality in American governance is just the way things are.” </p>
|
||||
<p>And he references Jacques Barzun, who defines a decadent society as one that is “peculiarly restless, for it sees no clear lines of advance.” As a society turns developed, its main problems become social: an organizational sclerosis, which no technology is sophisticated enough to solve. No great effort is required to identify the comprehensive paralysis in the US. And that is the political and social current that Xi is trying to reverse in China. </p>
|
||||
<p> One way to do that is to continue to pursue GDP growth, which has mostly become an unfashionable idea today in the west. Xi reminded the state in July that “economic work must be our core task, if we succeed in that, then the rest of our tasks become easy.” </p>
|
||||
<p>Barry Naughton has noted that “China’s system of incentives for local bureaucrats to encourage growth is extremely unusual, and seems only to exist in China. It is a blunt and powerful instrument.” </p>
|
||||
<p>Barry Naughton has noted that “China’s system of incentives for local bureaucrats to encourage growth is extremely unusual, and seems only to exist in China. It is a blunt and powerful instrument.”</p>
|
||||
<p> This emphasis on growth makes it less likely for China to develop into American complacency or decadence. There are other types of paralysis that it stands a good chance of avoiding. With its emphasis on the real economy, it is trying to avoid the fate of Hong Kong, where local elites have reorganized the productive forces completely around sustaining high property prices and managing mainland liquidity flows. With its emphasis on economic growth, it cannot be like Taiwan, whose single bright corporate beacon is surrounded by a mass of firms undergoing genteel decline. With its emphasis on manufacturing, it cannot be like the UK, which is so successful in the sounding-clever industries—television, journalism, finance, and universities—while seeing a falling share of R&D intensity and a global loss of standing among its largest firms. </p>
|
||||
<p> Douthat’s book does not deal seriously with China, only with a fantasy of a universally-surveilled society under the rubric of a social credit system. If he did engage more seriously, he might pick up what Frank Pieke has termed “neo-socialism,” which is the attempt to harness market liberalization to strengthen state capacity and a more Leninist party. </p>
|
||||
<p>In return, the state provides purpose and direction, as well as inspiring the rest of society with a transformative mission. It helps, of course, that Xi is a genuine believer in socialism, which to him is both an instrument as well as an end. He’s leveraging that belief to reject decadence and assert agency to point out new lines of advance. </p>
|
||||
@ -54,8 +54,7 @@
|
||||
<p> That was quite a lot of theory. Where does it fall apart? </p>
|
||||
<p> Xi has said: “If we turn a blind eye to challenges, or even dodge or disguise them; if we fear to advance in the face of challenges and sit by and watch the unfolding calamity; then they will grow beyond our control and cause irreparable damage.” </p>
|
||||
<p>Instead of heeding this warning, authorities in Wuhan suppressed reporting of a spread of a novel virus. At a time when they should have imposed restrictions, they congregated thousands around a gigantic potluck. That has indeed unfolded into a calamity. </p>
|
||||
<p> Xi has said<strong>:</strong> “Some officials are perfunctory in their work, shirking responsibility when troubles come and dodging thorny problems. They like to report every trifle to their superiors for approval or directives. In doing so, they appear to be abiding by the rules but are actually avoiding responsibilities. Some make ill-considered or purely arbitrary decisions. They place themselves above the party organization and allow no dissenting voices.” </p>
|
||||
<p> But as economic growth slows down, the country is doubling down on centralized government. Over the last several years, the state is taking more of a leading role in the economy, which means a larger role for bureaucrats. </p>
|
||||
<p> Xi has said<strong>:</strong> “Some officials are perfunctory in their work, shirking responsibility when troubles come and dodging thorny problems. They like to report every trifle to their superiors for approval or directives. In doing so, they appear to be abiding by the rules but are actually avoiding responsibilities. Some make ill-considered or purely arbitrary decisions. They place themselves above the party organization and allow no dissenting voices.” </p> <p>But as economic growth slows down, the country is doubling down on centralized government. Over the last several years, the state is taking more of a leading role in the economy, which means a larger role for bureaucrats. </p>
|
||||
<p> Xi has said: “Self-criticism needs to be specific about our problems and needs to touch underlying questions… We must be gratified when told of our errors; we must not shy away from our shortcomings. We must accommodate different opinions and sharp criticism.” </p>
|
||||
<p>When medical professionals spoke up about a strange new virus circulating in Wuhan, police gave them reprimands. More and more often, the state is simply arresting critics. Even though the government has every reason to be confident about the effectiveness of its virus containment, it has issued a jail sentence to a citizen journalist under the catch-all charge of “picking quarrels and provoking trouble.” For all the emphasis on seeking truth from facts, the state still maintains this practice of shooting the messenger or jailing its critics. </p>
|
||||
<p> On its own terms, the party center’s instruction is unevenly followed. And there are plenty of reasons to doubt the sustainability of Chinese growth that exist beyond the party’s capacity for self-reform. The following have all received extensive treatment: demographics will be a clear and serious drag in only a few years; an uncomfortable buildup of debt is now accompanied by growing investor discomfort with strategic defaults; the environment is bearing greater stresses; and based on the state’s aggression abroad and the operation of detention camps for minority groups at home, the rest of the world has become much less friendly towards China. One can add more items here, I want to consider the problems with centralized campaigns of inspiration. </p>
|
||||
@ -137,7 +136,7 @@
|
||||
<p> In the early months of the pandemic, I picked up a new skill: riding a bike. I’ve always been mortified to admit that I never properly knew how. With the encouragement of kind and patient friends, I’ve enjoyed cycling so much that it has become the primary way I get around Beijing. The city is good for cyclists, with its wide bicycle paths and flat roads. (Given the behavior of most drivers though, Beijing requires taking seriously the principle of safety first.) My favorite activity has become to cycle to the Forbidden City and back home, a nice hour-long ride that I would do after lunch. I’m still enjoying the feeling of gliding down a road on my own propulsion, which gives me a sense of slight unreality. That’s been good for thinking: I wrote significant chunks of this letter while riding down Beijing’s second and fourth ring roads. </p>
|
||||
<p> This year marks my seventh of not drinking. I expect that I’m in the best shape of my life, given that, regular bike rides, occasional badminton sessions, and working out with my personal trainer three times a week. Still, I’m exhausted. That doesn’t mean it’s time to slow down. There are too many interesting things left to do. </p>
|
||||
<figure>
|
||||
<a href="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?ssl=1"><img loading="lazy" width="1000" height="1492" src="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?fit=700%2C1044&ssl=1" alt="" srcset="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?w=1000&ssl=1 1000w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=465%2C694&ssl=1 465w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=700%2C1044&ssl=1 700w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=768%2C1146&ssl=1 768w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=940%2C1402&ssl=1 940w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=200%2C298&ssl=1 200w" sizes="(max-width: 1000px) 100vw, 1000px"></a>
|
||||
<a href="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?ssl=1"><img loading="lazy" width="1000" height="1492" src="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?fit=700%2C1044&ssl=1" alt="" srcset="https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?w=1000&ssl=1 1000w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=465%2C694&ssl=1 465w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=700%2C1044&ssl=1 700w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=768%2C1146&ssl=1 768w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=940%2C1402&ssl=1 940w, https://i1.wp.com/danwang.co/wp-content/uploads/2021/01/nasa-titan.jpg?resize=200%2C298&ssl=1 200w" sizes="(max-width: 1000px) 100vw, 1000px"></a>
|
||||
</figure>
|
||||
<p>
|
||||
<em>Titan, a planet-sized moon of Saturn, has a thick atmosphere and liquid oceans. It and Europa—one of the moons of Jupiter, which might have warm liquid oceans—offer the best chances of discovering extraterrestrial life in our solar system. Credit:</em> <a href="https://www.jpl.nasa.gov/visions-of-the-future/" target="_blank" rel="noreferrer noopener"><em>JPL</em></a>
|
||||
@ -158,10 +157,121 @@
|
||||
</li>
|
||||
</ul>
|
||||
</div><!-- widgets_on_page -->
|
||||
<div>
|
||||
<hr>
|
||||
<ol>
|
||||
<li id="footnote-1-1569">
|
||||
<p> see Anne-Marie Brady: Marketing Dictatorship: Propaganda and Thought Work in Contemporary China<a href="#note-1-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-1.footnote-->
|
||||
<li id="footnote-2-1569">
|
||||
<p> 中国特色社会主义有很多特点和特征,但最本质的特征是坚持中国共产党领导。http://www.qstheory.cn/dukan/qs/2020-07/15/c_1126234524.htm<a href="#note-2-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-2.footnote-->
|
||||
<li id="footnote-3-1569">
|
||||
<p> For more, see Charles Fishman’s excellent One Giant Leap, which showed how NASA had to invent a thousand and one technologies to reach the moon <a href="#note-3-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-3.footnote-->
|
||||
<li id="footnote-4-1569">
|
||||
<p> Sometimes translated as “rule of law”: 依法治国<a href="#note-4-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-4.footnote-->
|
||||
<li id="footnote-5-1569">
|
||||
<p>
|
||||
<a href="http://www.xinhuanet.com/english/2020-06/07/c_139120424.htm">http://www.xinhuanet.com/english/2020-06/07/c_139120424.htm</a><a href="#note-5-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-5.footnote-->
|
||||
<li id="footnote-6-1569">
|
||||
<p> see Dan Grover on the UI changes that Chinese apps made: http://dangrover.com/blog/2020/04/05/covid-in-ui.html<a href="#note-6-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-6.footnote-->
|
||||
<li id="footnote-7-1569">
|
||||
<p> That’s a broad and unfair generalization, I know. This Economist leader offers a more nuanced view: https://www.economist.com/briefing/2020/08/15/xi-jinping-is-trying-to-remake-the-chinese-economy<a href="#note-7-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-7.footnote-->
|
||||
<li id="footnote-8-1569">
|
||||
<p> This is my translation of 不忘初心、牢记使命. There are variations on the third line, I included one I’ve seen: 永远奋斗 <a href="#note-8-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-8.footnote-->
|
||||
<li id="footnote-9-1569">
|
||||
<p> see this excellent discussion between Frederick Teiwes and Joseph Torigian https://omny.fm/shows/the-little-red-podcast/xi-dada-and-daddy-power-the-party-and-the-presiden<a href="#note-9-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-9.footnote-->
|
||||
<li id="footnote-10-1569">
|
||||
<p> From Dialectical Materialism Is the Worldview and Methodology of Chinese Communists, 广大党员、干部理想信念坚定、干事创业精气神足,人民群众精神振奋、发愤图强,就可以创造出很多人间奇迹 http://www.qstheory.cn/dukan/qs/2018-12/31/c_1123923896.htm<a href="#note-10-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-10.footnote-->
|
||||
<li id="footnote-11-1569">
|
||||
<p> Report to the 19th party congress: http://www.xinhuanet.com/english/download/Xi_Jinping’s_report_at_19th_CPC_National_Congress.pdf<a href="#note-11-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-11.footnote-->
|
||||
<li id="footnote-12-1569">
|
||||
<p> see The Decadent Society<a href="#note-12-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-12.footnote-->
|
||||
<li id="footnote-13-1569">
|
||||
<p> 经济工作是中心工作,党的领导当然要在中心工作中得到充分体现,抓住了中心工作这个牛鼻子,其他工作就可以更好展开。http://www.qstheory.cn/dukan/qs/2020-07/15/c_1126234524.htm<a href="#note-13-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-13.footnote-->
|
||||
<li id="footnote-14-1569">
|
||||
<p> see Frank Pieke’s Knowing China<a href="#note-14-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-14.footnote-->
|
||||
<li id="footnote-15-1569">
|
||||
<p> see Dialectical Materialism Is the Worldview and Methodology of Chinese Communists 如果对矛盾熟视无睹,甚至回避、掩饰矛盾,在矛盾面前畏缩不前,坐看矛盾恶性转化,那就会积重难返,最后势必造成无法弥补的损失。 http://www.qstheory.cn/dukan/qs/2018-12/31/c_1123923896.htm<a href="#note-15-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-15.footnote-->
|
||||
<li id="footnote-16-1569">
|
||||
<p> from the speech at the Third Plenary Session of the 19th Central Commission for Discipline Inspection<a href="#note-16-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-16.footnote-->
|
||||
<li id="footnote-17-1569">
|
||||
<p> from Goals of the Aspiration and Mission Education Campaign, May 31 2019<a href="#note-17-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-17.footnote-->
|
||||
<li id="footnote-18-1569">
|
||||
<p> http://www.chinafilm.gov.cn/chinafilm/contents/141/2533.shtml<a href="#note-18-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-18.footnote-->
|
||||
<li id="footnote-19-1569">
|
||||
<p> Wang Hongsheng, a boss at Jinghai, admits to fretting about interruptions to chick supplies, even wondering if President Donald Trump might curb American exports. https://www.economist.com/china/2020/10/31/high-tech-chickens-are-a-case-study-of-why-self-reliance-is-so-hard<a href="#note-19-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-19.footnote-->
|
||||
<li id="footnote-20-1569">
|
||||
<p> see this WSJ story https://www.wsj.com/articles/the-u-s-vs-china-the-high-cost-of-the-technology-cold-war-11603397438 and Doug Fuller’s claim on Tokyo Electron https://www.jhuapl.edu/assessing-us-china-technology-connections/publications<a href="#note-20-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-20.footnote-->
|
||||
<li id="footnote-21-1569">
|
||||
<p> This is admittedly a bit of my own fanciful translation of 必须看到,实体经济是基础,各种制造业不能丢,作为14亿人口的大国,粮食和实体产业要以自己为主,这一条绝对不能丢 http://www.qstheory.cn/dukan/qs/2020-10/31/c_1126680390.htm<a href="#note-21-1569">↩</a>
|
||||
</p>
|
||||
</li>
|
||||
<!--/#footnote-21.footnote-->
|
||||
</ol>
|
||||
</div>
|
||||
<!--/#footnotes-->
|
||||
</div><!-- .entry-content -->
|
||||
<!-- .entry-meta -->
|
||||
</article><!-- #post-1569 -->
|
||||
<!-- #comments .comments-area -->
|
||||
</div>
|
||||
</div>
|
||||
</DIV>
|
||||
@ -46,6 +46,10 @@
|
||||
<p> Epilogue: </p>
|
||||
<p> Last word to philosopher poet Jag Bhalla </p>
|
||||
<div data-tweet-id="1536069788266549248" class="tweet-placeholder"></div>
|
||||
<div id="footnote-1">
|
||||
<p><a href="#footnote-anchor-1" contenteditable="false" rel="">1</a></p>
|
||||
<p> To be triply sure I asked Aguera y Arcas if I could have access to LaMDA; so far Google has been unwilling to let pesky academics like me have a look see. I’ll report back if that changes. </p>
|
||||
</div>
|
||||
</div>
|
||||
</article>
|
||||
</DIV>
|
||||
@ -4,7 +4,9 @@
|
||||
"dir": null,
|
||||
"excerpt": "The “Weak Garden of Eden” model for the origin and dispersal of modern humans (Harpendinget al., 1993) posits that modern humans spread into separate …",
|
||||
"siteName": null,
|
||||
"siteIcon": "https://sdfestaticassets-eu-west-1.sciencedirectassets.com/shared-assets/13/images/favSD.ico",
|
||||
"previewImage": "https://ars.els-cdn.com/content/image/1-s2.0-S0047248420X00121-cov150h.gif",
|
||||
"publishedDate": null,
|
||||
"language": "English",
|
||||
"readerable": true
|
||||
}
|
||||
|
||||
@ -1,27 +1,53 @@
|
||||
<div id="readability-page-1" class="page">
|
||||
<div id="app" data-reactroot="" data-iso-key="_0">
|
||||
<DIV class="page" id="readability-page-1">
|
||||
<div data-iso-key="_0" id="app" data-reactroot="">
|
||||
<header id="gh-cnt">
|
||||
<div id="gh-main-cnt">
|
||||
<p><a id="gh-branding" href="http://fakehost/" aria-label="Science Direct home page" data-aa-region="header" data-aa-name="ScienceDirect"><img src="https://sdfestaticassets-us-east-1.sciencedirectassets.com/shared-assets/24/images/elsevier-non-solus-new-grey.svg" alt="Elsevier logo" height="48" width="54" /></a></p>
|
||||
<p><a id="gh-branding" href="http://fakehost/" aria-label="Science Direct home page" data-aa-region="header" data-aa-name="ScienceDirect"><img src="https://sdfestaticassets-us-east-1.sciencedirectassets.com/shared-assets/24/images/elsevier-non-solus-new-grey.svg" alt="Elsevier logo" height="48" width="54"></a></p>
|
||||
</div>
|
||||
</header>
|
||||
<div id="mathjax-container">
|
||||
<article role="main" lang="en" xml:lang="en">
|
||||
<div id="publication">
|
||||
<p><a href="http://fakehost/science/journal/00472484"><img src="https://sdfestaticassets-eu-west-1.sciencedirectassets.com/prod/f2535c1f99580f9586d80169ddc369fb3f2fe21f/image/elsevier-non-solus.png" alt="Elsevier" /></a>
|
||||
<p><a href="http://fakehost/science/journal/00472484"><img src="https://sdfestaticassets-eu-west-1.sciencedirectassets.com/prod/f2535c1f99580f9586d80169ddc369fb3f2fe21f/image/elsevier-non-solus.png" alt="Elsevier"></a>
|
||||
</p>
|
||||
<p><a href="http://fakehost/science/journal/00472484/34/6"><img src="https://ars.els-cdn.com/content/image/1-s2.0-S0047248420X00121-cov150h.gif" alt="Journal of Human Evolution" /></a>
|
||||
<p><a href="http://fakehost/science/journal/00472484/34/6"><img src="https://ars.els-cdn.com/content/image/1-s2.0-S0047248420X00121-cov150h.gif" alt="Journal of Human Evolution"></a>
|
||||
</p>
|
||||
</div>
|
||||
<div id="abstracts">
|
||||
<h2> Abstract </h2>
|
||||
<div id="aep-abstract-sec-id5">
|
||||
<p id="simple-para0005"> The “Weak Garden of Eden” model for the origin and dispersal of modern humans (Harpending<em>et al.</em>, 1993) posits that modern humans spread into separate regions from a restricted source, around 100 ka (thousand years ago), then passed through population bottlenecks. Around 50 ka, dramatic growth occurred within dispersed populations that were genetically isolated from each other. Population growth began earliest in Africa and later in Eurasia and is hypothesized to have been caused by the invention and spread of a more efficient Later Stone Age/Upper Paleolithic technology, which developed in equatorial Africa. </p>
|
||||
<p id="simple-para0010"> Climatic and geological evidence suggest an alternative hypothesis for Late Pleistocene population bottlenecks and releases. The last glacial period was preceded by one thousand years of the coldest temperatures of the Later Pleistocene (∼71–70 ka), apparently caused by the eruption of Toba, Sumatra. Toba was the largest known explosive eruption of the Quaternary. Toba's volcanic winter could have decimated most modern human populations, especially outside of isolated tropical refugia. Release from the bottleneck could have occurred either at the end of this hypercold phase, or 10,000 years later, at the transition from cold oxygen isotope stage 4 to warmer stage 3. The largest populations surviving through the bottleneck should have been found in the largest tropical refugia, and thus in equatorial Africa. High genetic diversity in modern Africans may thus reflect a less severe bottleneck rather than earlier population growth. </p>
|
||||
<p id="simple-para0005"> The “Weak Garden of Eden” model for the origin and dispersal of modern humans (Harpending<em>et al.</em>, 1993) posits that modern humans spread into separate regions from a restricted source, around 100
|
||||
<!-- -->
|
||||
<!-- -->ka (thousand years ago), then passed through population bottlenecks. Around 50
|
||||
<!-- -->
|
||||
<!-- -->ka, dramatic growth occurred within dispersed populations that were genetically isolated from each other. Population growth began earliest in Africa and later in Eurasia and is hypothesized to have been caused by the invention and spread of a more efficient Later Stone Age/Upper Paleolithic technology, which developed in equatorial Africa.
|
||||
</p>
|
||||
<p id="simple-para0010"> Climatic and geological evidence suggest an alternative hypothesis for Late Pleistocene population bottlenecks and releases. The last glacial period was preceded by one thousand years of the coldest temperatures of the Later Pleistocene (∼71–70
|
||||
<!-- -->
|
||||
<!-- -->ka), apparently caused by the eruption of Toba, Sumatra. Toba was the largest known explosive eruption of the Quaternary. Toba's volcanic winter could have decimated most modern human populations, especially outside of isolated tropical refugia. Release from the bottleneck could have occurred either at the end of this hypercold phase, or 10,000 years later, at the transition from cold oxygen isotope stage 4 to warmer stage 3. The largest populations surviving through the bottleneck should have been found in the largest tropical refugia, and thus in equatorial Africa. High genetic diversity in modern Africans may thus reflect a less severe bottleneck rather than earlier population growth.
|
||||
</p>
|
||||
<p id="simple-para0015"> Volcanic winter may have reduced populations to levels low enough for founder effects, genetic drift and local adaptations to produce rapid population differentiation. If Toba caused the bottlenecks, then modern human races may have differentiated abruptly, only 70 thousand years ago. </p>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<dl>
|
||||
<dt>
|
||||
<sup><a href="#baep-article-footnote-id1">☆</a></sup>
|
||||
</dt>
|
||||
<dd>
|
||||
<p> P. Mellars </p>
|
||||
</dd>
|
||||
</dl>
|
||||
<dl>
|
||||
<dt>
|
||||
<sup><a href="#bF1">f1</a></sup>
|
||||
</dt>
|
||||
<dd>
|
||||
<p> E-mail: Ambrose@uiuc.edu </p>
|
||||
</dd>
|
||||
</dl>
|
||||
</div>
|
||||
</article>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</DIV>
|
||||
|
||||
@ -326,8 +326,8 @@ describe("Test pages", function() {
|
||||
describe(testPage.dir, function() {
|
||||
var uri = "http://fakehost/test/page.html";
|
||||
|
||||
runTestsWithItems("jsdom", function(source) {
|
||||
var doc =parseHTML(source).document;
|
||||
runTestsWithItems("linkedom", function(source) {
|
||||
var doc = parseHTML(source).document;
|
||||
removeCommentNodesRecursively(doc);
|
||||
return doc;
|
||||
}, testPage.source, testPage.expectedContent, testPage.expectedMetadata, uri);
|
||||
|
||||