Commit 6cac22b2df6e1961c7b39764637f672d1c83945d
Exists in
master
and in
29 other branches
Merge commit 'refs/merge-requests/362' of git://gitorious.org/noosfero/noosfero …
…into merge-requests/362
Showing
4 changed files
with
18 additions
and
4 deletions
Show diff stats
app/views/shared/tiny_mce.rhtml
... | ... | @@ -70,7 +70,7 @@ tinyMCE.init({ |
70 | 70 | paste_insert_word_content_callback : "convertWord", |
71 | 71 | paste_use_dialog: false, |
72 | 72 | apply_source_formatting : true, |
73 | - extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]", | |
73 | + extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width],audio[controls|autoplay],video[controls|autoplay],source[src|type]", | |
74 | 74 | content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>', |
75 | 75 | language: <%= tinymce_language.inspect %>, |
76 | 76 | entity_encoding: 'raw', | ... | ... |
config/environment.rb
... | ... | @@ -85,10 +85,10 @@ Rails::Initializer.run do |config| |
85 | 85 | } |
86 | 86 | |
87 | 87 | # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper |
88 | - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder' | |
88 | + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay' | |
89 | 89 | |
90 | 90 | # Adds custom tags to the Set of allowed html tags for the #sanitize helper |
91 | - config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe' | |
91 | + config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source' | |
92 | 92 | |
93 | 93 | # See Rails::Configuration for more options |
94 | 94 | ... | ... |
public/stylesheets/application.css
... | ... | @@ -1414,7 +1414,9 @@ a.comment-picture { |
1414 | 1414 | display: inline; |
1415 | 1415 | } |
1416 | 1416 | #content #boxes .box-1 .article-block img, |
1417 | -#content #article .article-body img { | |
1417 | +#content #article .article-body img, | |
1418 | +#content #article .article-body video, | |
1419 | +#content #article .article-body audio { | |
1418 | 1420 | max-width: 100%; |
1419 | 1421 | height: auto; |
1420 | 1422 | } | ... | ... |
test/unit/tiny_mce_article_test.rb
... | ... | @@ -224,4 +224,16 @@ end |
224 | 224 | assert TinyMceArticle.new.tiny_mce? |
225 | 225 | end |
226 | 226 | |
227 | + should 'not sanitize html5 audio tag on body' do | |
228 | + article = TinyMceArticle.create!(:name => 'html5 audio', :body => "Audio: <audio controls='controls'><source src='http://example.ogg' type='audio/ogg' />Audio not playing?.</audio>", :profile => profile) | |
229 | + assert_tag_in_string article.body, :tag => 'audio', :attributes => {:controls => 'controls'} | |
230 | + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogg', :type => 'audio/ogg'} | |
231 | + end | |
232 | + | |
233 | + should 'not sanitize html5 video tag on body' do | |
234 | + article = TinyMceArticle.create!(:name => 'html5 video', :body => "Video: <video controls='controls' autoplay='autoplay'><source src='http://example.ogv' type='video/ogg' />Video not playing?</video>", :profile => profile) | |
235 | + assert_tag_in_string article.body, :tag => 'video', :attributes => {:controls => 'controls', :autoplay => 'autoplay'} | |
236 | + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'} | |
237 | + end | |
238 | + | |
227 | 239 | end | ... | ... |