diff --git a/app/views/shared/tiny_mce.rhtml b/app/views/shared/tiny_mce.rhtml index 2314dfb..f583a44 100644 --- a/app/views/shared/tiny_mce.rhtml +++ b/app/views/shared/tiny_mce.rhtml @@ -70,7 +70,7 @@ tinyMCE.init({ paste_insert_word_content_callback : "convertWord", paste_use_dialog: false, apply_source_formatting : true, - extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]", + extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width],audio[controls|autoplay],video[controls|autoplay],source[src|type]", content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>', language: <%= tinymce_language.inspect %>, entity_encoding: 'raw', diff --git a/config/environment.rb b/config/environment.rb index 43c0af9..50db585 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -85,10 +85,10 @@ Rails::Initializer.run do |config| } # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder' + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay' # Adds custom tags to the Set of allowed html tags for the #sanitize helper - config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe' + config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source' # See Rails::Configuration for more options diff --git a/public/stylesheets/application.css b/public/stylesheets/application.css index 4f215df..e08771a 100644 --- a/public/stylesheets/application.css +++ b/public/stylesheets/application.css @@ -1414,7 +1414,9 @@ a.comment-picture { display: inline; } #content #boxes .box-1 .article-block img, -#content #article .article-body img { +#content #article .article-body img, +#content #article .article-body video, +#content #article .article-body audio { max-width: 100%; height: auto; } diff --git a/test/unit/tiny_mce_article_test.rb b/test/unit/tiny_mce_article_test.rb index 56dd771..4b61582 100644 --- a/test/unit/tiny_mce_article_test.rb +++ b/test/unit/tiny_mce_article_test.rb @@ -224,4 +224,16 @@ end assert TinyMceArticle.new.tiny_mce? end + should 'not sanitize html5 audio tag on body' do + article = TinyMceArticle.create!(:name => 'html5 audio', :body => "Audio: ", :profile => profile) + assert_tag_in_string article.body, :tag => 'audio', :attributes => {:controls => 'controls'} + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogg', :type => 'audio/ogg'} + end + + should 'not sanitize html5 video tag on body' do + article = TinyMceArticle.create!(:name => 'html5 video', :body => "Video: ", :profile => profile) + assert_tag_in_string article.body, :tag => 'video', :attributes => {:controls => 'controls', :autoplay => 'autoplay'} + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'} + end + end -- libgit2 0.21.2