Commit 57753e006d620063d63dd3885b52c37fb7d0d13f
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Merge branch 'fix_tinymce_video' into stable
Showing
2 changed files
with
10 additions
and
1 deletions
Show diff stats
lib/white_list_filter.rb
| ... | ... | @@ -9,7 +9,7 @@ module WhiteListFilter |
| 9 | 9 | unless iframe =~ /src=['"].*src=['"]/ |
| 10 | 10 | trusted_sites.each do |trusted_site| |
| 11 | 11 | re_dom = trusted_site.gsub('.', '\.') |
| 12 | - if iframe =~ /src=["']https?:\/\/(www\.)?#{re_dom}\// | |
| 12 | + if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\// | |
| 13 | 13 | result = iframe |
| 14 | 14 | end |
| 15 | 15 | end | ... | ... |
test/unit/white_list_filter_test.rb
| ... | ... | @@ -40,6 +40,15 @@ class WhiteListFilterTest < ActiveSupport::TestCase |
| 40 | 40 | assert_equal "<iframe src='http://avideosite.com/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe) |
| 41 | 41 | end |
| 42 | 42 | |
| 43 | + should 'allow iframe if it is from a trusted site and protocol was not specified' do | |
| 44 | + env = Environment.default | |
| 45 | + env.trusted_sites_for_iframe = ['avideosite.com'] | |
| 46 | + env.save | |
| 47 | + assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com' | |
| 48 | + content = "<iframe src='//avideosite.com/videos.ogg'></iframe>" | |
| 49 | + assert_equal "<iframe src='//avideosite.com/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe) | |
| 50 | + end | |
| 51 | + | |
| 43 | 52 | should 'remove only the iframe from untrusted site' do |
| 44 | 53 | content = "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>" |
| 45 | 54 | assert_equal "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe) | ... | ... |