Download as
Browse Code »

Commit 57753e006d620063d63dd3885b52c37fb7d0d13f

Authored by Victor Costa
2 parents 5014ba2f 34f4326d
Exists in theme-brasil-digital-from-staging and in 9 other branches angular_poc, api-article-archived, backup-7-jan-2016, captcha_serpro_plugin, login-captcha, production, resend_confirmation_email, staging, staging_rails3

Merge branch 'fix_tinymce_video' into stable

Showing 2 changed files with 10 additions and 1 deletions   Show diff stats
lib/white_list_filter.rb
  Diff comments   View file @57753e0
@@ -9,7 +9,7 @@ module WhiteListFilter @@ -9,7 +9,7 @@ module WhiteListFilter
9 unless iframe =~ /src=['"].*src=['"]/ 9 unless iframe =~ /src=['"].*src=['"]/
10 trusted_sites.each do |trusted_site| 10 trusted_sites.each do |trusted_site|
11 re_dom = trusted_site.gsub('.', '\.') 11 re_dom = trusted_site.gsub('.', '\.')
12 - if iframe =~ /src=["']https?:\/\/(www\.)?#{re_dom}\// 12 + if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\//
13 result = iframe 13 result = iframe
14 end 14 end
15 end 15 end
test/unit/white_list_filter_test.rb
  Diff comments   View file @57753e0
@@ -40,6 +40,15 @@ class WhiteListFilterTest < ActiveSupport::TestCase @@ -40,6 +40,15 @@ class WhiteListFilterTest < ActiveSupport::TestCase
40 assert_equal "<iframe src='http://avideosite.com/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe) 40 assert_equal "<iframe src='http://avideosite.com/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe)
41 end 41 end
42 42
  43 + should 'allow iframe if it is from a trusted site and protocol was not specified' do
  44 + env = Environment.default
  45 + env.trusted_sites_for_iframe = ['avideosite.com']
  46 + env.save
  47 + assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com'
  48 + content = "<iframe src='//avideosite.com/videos.ogg'></iframe>"
  49 + assert_equal "<iframe src='//avideosite.com/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe)
  50 + end
  51 +
43 should 'remove only the iframe from untrusted site' do 52 should 'remove only the iframe from untrusted site' do
44 content = "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>" 53 content = "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>"
45 assert_equal "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe) 54 assert_equal "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe>", check_iframe_on_content(content, environment.trusted_sites_for_iframe)