Commit 6cac22b2df6e1961c7b39764637f672d1c83945d

Authored by Rodrigo Souto
2 parents 52c6001c e28dc32c

Merge commit 'refs/merge-requests/362' of git://gitorious.org/noosfero/noosfero …

…into merge-requests/362
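--- a/app/views/shared/tiny_mce.rhtml
+++ b/app/views/shared/tiny_mce.rhtml
@@ -70,7 +70,7 @@ tinyMCE.init({
 paste_insert_word_content_callback : "convertWord",
 paste_use_dialog: false,
 apply_source_formatting : true,
- extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]",
+ extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width],audio[controls|autoplay],video[controls|autoplay],source[src|type]",
 content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>',
 language: <%= tinymce_language.inspect %>,
 entity_encoding: 'raw',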
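--- a/config/environment.rb
+++ b/config/environment.rb
@@ -85,10 +85,10 @@ Rails::Initializer.run do |config|
 }
 
 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
- config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder'
+ config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay'
 
 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
- config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
+ config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source'
 
 # See Rails::Configuration for more options
 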
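Review bot: `sanitized_allowed_attributes` is one flat set applied to every permitted tag, so adding `'autoplay'` on new line 88 lets any article author have media from an arbitrary host start playing for each reader as soon as the page renders. If autoplay is not a product requirement, allow only `'controls'` here and keep `autoplay` out of the TinyMCE element list and the video test so the three stay in agreement. The same line carries forward `'heigth'`, which appears to be a typo for `height` and so permits nothing useful. The enclosing `Rails::Initializer.run` block starts and ends outside this hunk, so any other sanitizer settings were not visible for this review.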
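--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
@@ -1414,7 +1414,9 @@ a.comment-picture {
 display: inline;
 }
 #content #boxes .box-1 .article-block img,
-#content #article .article-body img {
+#content #article .article-body img,
+#content #article .article-body video,
+#content #article .article-body audio {
 max-width: 100%;
 height: auto;
 }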
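--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -224,4 +224,16 @@ end
 assert TinyMceArticle.new.tiny_mce?
 end
 
+ should 'not sanitize html5 audio tag on body' do
+ article = TinyMceArticle.create!(:name => 'html5 audio', :body => "Audio: <audio controls='controls'><source src='http://example.ogg' type='audio/ogg' />Audio not playing?.</audio>", :profile => profile)
+ assert_tag_in_string article.body, :tag => 'audio', :attributes => {:controls => 'controls'}
+ assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogg', :type => 'audio/ogg'}
+ end
+
+ should 'not sanitize html5 video tag on body' do
+ article = TinyMceArticle.create!(:name => 'html5 video', :body => "Video: <video controls='controls' autoplay='autoplay'><source src='http://example.ogv' type='video/ogg' />Video not playing?</video>", :profile => profile)
+ assert_tag_in_string article.body, :tag => 'video', :attributes => {:controls => 'controls', :autoplay => 'autoplay'}
+ assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'}
+ end
+
 end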
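Review bot: Both new tests only assert that the media tags and their allowed attributes survive, so nothing here would fail if widening the allowlist also let a script-bearing attribute through on `audio`, `video` or `source`. A companion negative test that saves a body with an event-handler attribute on the new tags and asserts it is gone from `article.body` would pin the sanitizer's behaviour for these elements. The test names would also read more accurately as `'keep html5 audio tag on body'`, since the body is still sanitized. The enclosing test class begins outside this hunk; the sample markup below is constructed for illustration.

```ruby
# … unchanged: 'not sanitize html5 audio tag on body' and 'not sanitize html5 video tag on body' …

should 'strip event handler attributes from html5 media tags on body' do
  article = TinyMceArticle.create!(:name => 'html5 media handlers', :body => "<video controls='controls' onerror='x()'><source src='http://example.ogv' type='video/ogg' onerror='x()' /></video>", :profile => profile)
  assert_tag_in_string article.body, :tag => 'video', :attributes => {:controls => 'controls'}
  assert_no_match(/onerror/, article.body)
end
```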