🐛 Fixes oembed bookmark with whitespaces

refs https://github.com/TryGhost/Team/issues/1200

- The leading/trailing whitespaces are trimmed by `new URL()` but are considered invalid in metascraper. Trimming solves this edge case.

core/server/services/oembed.js

@@ -85,6 +85,8 @@ class OEmbed {
     }
 
     async fetchBookmarkData(url) {
+        // Metascraper doesn't handle leading/trailing whitespace
+        url = url.trim();
         const metascraper = require('metascraper')([
             require('metascraper-url')(),
             require('metascraper-title')(),
@@ -154,6 +156,10 @@ class OEmbed {
     }
 
     fetchOembedData(_url, cardType) {
+        // Trimming solves the difference of url validation between `new URL(url)`
+        // and metascraper.
+        _url = _url.trim();
+
         // parse the url then validate the protocol and host to make sure it's
         // http(s) and not an IP address or localhost to avoid potential access to
         // internal network endpoints

test/api-acceptance/admin/oembed_spec.js

@@ -70,7 +70,7 @@ describe('Oembed API', function () {
                     {'content-type': 'text/html'}
                 );
 
-            const url = encodeURIComponent('http://example.com');
+            const url = encodeURIComponent(' http://example.com\t '); // Whitespaces are to make sure urls are trimmed
             const res = await request.get(localUtils.API.getApiQuery(`oembed/?url=${url}&type=bookmark`))
                 .set('Origin', config.get('url'))
                 .expect('Content-Type', /json/)