Allowing users to post videos from other sites

* Vimeo * Archive.org * iteia * TV SL (stream and video) ActionItem1257

Allowing users to post videos from other sites
* Vimeo * Archive.org * iteia * TV SL (stream and video) ActionItem1257
Daniela Feitosa · Antonio Terceiro
1 parent 6c728f56
Showing 5 changed files with 49 additions and 7 deletions Show diff stats
app/views/shared/tiny_mce.rhtml
config/environment.rb
public/stylesheets/tinymce.css
test/unit/tiny_mce_article_test.rb
vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
 <%= javascript_include_tag 'tinymce/jscripts/tiny_mce/tiny_mce.js' %>
 <script type="text/javascript">
-  var myplugins = "searchreplace,print,media,table";
+  var myplugins = "searchreplace,print,table";
   if (tinymce.isIE) {
     // the paste plugin is only useful in Internet Explorer
     myplugins = "paste," + myplugins;
@@ -22,6 +22,7 @@ tinyMCE.init({
         paste_insert_word_content_callback : "convertWord",
         paste_use_dialog: false,
         apply_source_formatting : true,
+        extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder]",
         content_css: '/stylesheets/tinymce.css',
         language: <%= tinymce_language.inspect %>,
         entity_encoding: 'raw'
@@ -83,10 +83,10 @@ Rails::Initializer.run do |config|
   }
  
   # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
-  config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target'
+  config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars'
  
    # Adds custom tags to the Set of allowed html tags for the #sanitize helper
-  config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td'
+  config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
  
   # See Rails::Configuration for more options
  
@@ -4,3 +4,13 @@ body.mceContentBody td {
   font-size: 12px;
 }
  
+object, embed {
+  border:1px dotted #cc0000;
+  background-position:center;
+  background-repeat:no-repeat;
+  background-color:#ffffcc;
+  display: block;
+  width: 150px;
+  height: 150px;
+  background-image: url(../designs/icons/tango/Tango/22x22/actions/media-playback-start.png);
+}
@@ -49,4 +49,24 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
     assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect)
   end
  
+  should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do
+    article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")
+    assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body
+  end
+
+  should 'not mess with <iframe and </iframe if it is from itheora' do
+    article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org'></iframe>")
+    assert_equal "<iframe src=\"http://itheora.org\"></iframe>", article.body
+  end
+
+  should 'remove iframe if it is not from itheora' do
+    article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='anything'></iframe>")
+    assert_equal "", article.body
+  end
+
+  #TinymMCE convert config={"key":(.*)} in config={&quotkey&quot:(.*)}
+  should 'not replace &quot with &amp;quot; when adding an Archive.org video' do
+    article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}'> </embed>")
+    assert_equal "<embed flashvars=\"config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}\"> </embed>", article.body
+  end
 end
@@ -5,11 +5,22 @@
  
 HTML::WhiteListSanitizer.module_eval do
  
-  def sanitize_with_filter_comments(*args, &block)
-    text = sanitize_without_filter_comments(*args, &block)
-    text.gsub(/&lt;!--/, '<!--') if text
+  def sanitize_with_filter_fixes(*args, &block)
+    text = sanitize_without_filter_fixes(*args, &block)
+    if text
+      final_text = text.gsub(/&lt;!/, '<!')
+      final_text = final_text.gsub(/<!--.*\[if IE\]-->(.*)<!--\[endif\]-->/, '<!–-[if IE]>\1<![endif]-–>') #FIX for itheora comments
+
+      if final_text =~ /iframe/
+        unless final_text =~ /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/
+          final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '')
+        end
+      end
+      final_text = final_text.gsub(/&amp;quot;/, '&quot;') #FIX problems with archive.org
+      final_text
+    end
   end
-  alias_method_chain :sanitize, :filter_comments
+  alias_method_chain :sanitize, :filter_fixes
  
   # unescape before reescape to avoid:
   # & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> &amp;amp;amp;amp; -> etc
1	1	<%= javascript_include_tag 'tinymce/jscripts/tiny_mce/tiny_mce.js' %>
2	2	<script type="text/javascript">
3		- var myplugins = "searchreplace,print,media,table";
	3	+ var myplugins = "searchreplace,print,table";
4	4	if (tinymce.isIE) {
5	5	// the paste plugin is only useful in Internet Explorer
6	6	myplugins = "paste," + myplugins;
...	...	@@ -22,6 +22,7 @@ tinyMCE.init({
22	22	paste_insert_word_content_callback : "convertWord",
23	23	paste_use_dialog: false,
24	24	apply_source_formatting : true,
	25	+ extended_valid_elements : "applet[style\|archive\|codebase\|code\|height\|width],comment,iframe[src\|style\|allowtransparency\|frameborder]",
25	26	content_css: '/stylesheets/tinymce.css',
26	27	language: <%= tinymce_language.inspect %>,
27	28	entity_encoding: 'raw'
...	...
...	...	@@ -83,10 +83,10 @@ Rails::Initializer.run do \|config\|
83	83	}
84	84
85	85	# Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
86		- config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target'
	86	+ config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars'
87	87
88	88	# Adds custom tags to the Set of allowed html tags for the #sanitize helper
89		- config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td'
	89	+ config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
90	90
91	91	# See Rails::Configuration for more options
92	92
...	...
...	...	@@ -4,3 +4,13 @@ body.mceContentBody td {
4	4	font-size: 12px;
5	5	}
6	6
	7	+object, embed {
	8	+ border:1px dotted #cc0000;
	9	+ background-position:center;
	10	+ background-repeat:no-repeat;
	11	+ background-color:#ffffcc;
	12	+ display: block;
	13	+ width: 150px;
	14	+ height: 150px;
	15	+ background-image: url(../designs/icons/tango/Tango/22x22/actions/media-playback-start.png);
	16	+}
...	...
...	...	@@ -49,4 +49,24 @@ class TinyMceArticleTest < Test::Unit::TestCase
49	49	assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect)
50	50	end
51	51
	52	+ should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do
	53	+ article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")
	54	+ assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body
	55	+ end
	56	+
	57	+ should 'not mess with <iframe and </iframe if it is from itheora' do
	58	+ article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org'></iframe>")
	59	+ assert_equal "<iframe src=\"http://itheora.org\"></iframe>", article.body
	60	+ end
	61	+
	62	+ should 'remove iframe if it is not from itheora' do
	63	+ article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='anything'></iframe>")
	64	+ assert_equal "", article.body
	65	+ end
	66	+
	67	+ #TinymMCE convert config={"key":(.)} in config={&quotkey&quot:(.)}
	68	+ should 'not replace &quot with &quot; when adding an Archive.org video' do
	69	+ article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={"key":"\#$b6eb72a0f2f1e29f3d4"}'> </embed>")
	70	+ assert_equal "<embed flashvars=\"config={"key":"\#$b6eb72a0f2f1e29f3d4"}\"> </embed>", article.body
	71	+ end
52	72	end
...	...
...	...	@@ -5,11 +5,22 @@
5	5
6	6	HTML::WhiteListSanitizer.module_eval do
7	7
8		- def sanitize_with_filter_comments(*args, &block)
9		- text = sanitize_without_filter_comments(*args, &block)
10		- text.gsub(/<!--/, '<!--') if text
	8	+ def sanitize_with_filter_fixes(*args, &block)
	9	+ text = sanitize_without_filter_fixes(*args, &block)
	10	+ if text
	11	+ final_text = text.gsub(/<!/, '<!')
	12	+ final_text = final_text.gsub(/<!--.\[if IE\]-->(.)<!--\[endif\]-->/, '<!–-[if IE]>\1<![endif]-–>') #FIX for itheora comments
	13	+
	14	+ if final_text =~ /iframe/
	15	+ unless final_text =~ /<iframe(.)src=(.)itheora.org(.*)<\/iframe>/
	16	+ final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '')
	17	+ end
	18	+ end
	19	+ final_text = final_text.gsub(/&quot;/, '"') #FIX problems with archive.org
	20	+ final_text
	21	+ end
11	22	end
12		- alias_method_chain :sanitize, :filter_comments
	23	+ alias_method_chain :sanitize, :filter_fixes
13	24
14	25	# unescape before reescape to avoid:
15	26	# & -> & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> etc
...	...