Fixing embeds from tv.softwarelivre.org

(ActionItem1600)

Fixing embeds from tv.softwarelivre.org
(ActionItem1600)
Joenio Costa
1 parent f2e26544
Showing 4 changed files with 8 additions and 3 deletions Show diff stats
app/views/shared/tiny_mce.rhtml
config/environment.rb
test/unit/tiny_mce_article_test.rb
vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
@@ -32,7 +32,7 @@ tinyMCE.init({
         paste_insert_word_content_callback : "convertWord",
         paste_use_dialog: false,
         apply_source_formatting : true,
-        extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height]",
+        extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling]",
         content_css: '/stylesheets/tinymce.css',
         language: <%= tinymce_language.inspect %>,
         entity_encoding: 'raw'
@@ -72,7 +72,7 @@ Rails::Initializer.run do |config|
   }
  
   # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
-  config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars'
+  config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder'
  
    # Adds custom tags to the Set of allowed html tags for the #sanitize helper
   config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
@@ -83,4 +83,9 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
     assert_match  /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body
   end
  
+  should 'allow iframe if it is from tv.softwarelivre.org' do
+    article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
+    assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"}
+  end
+
 end
@@ -13,7 +13,7 @@ HTML::WhiteListSanitizer.module_eval do
  
       if final_text =~ /iframe/
         itheora_video = /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/
-        sl_video = /<iframe(.*)src=\"http:\/\/stream.softwarelivre.org(.*)<\/iframe>/
+        sl_video = /<iframe(.*)src=\"http:\/\/(stream|tv).softwarelivre.org(.*)<\/iframe>/
         unless (final_text =~ itheora_video || final_text =~ sl_video)
           final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '')
         end
...	...	@@ -32,7 +32,7 @@ tinyMCE.init({
32	32	paste_insert_word_content_callback : "convertWord",
33	33	paste_use_dialog: false,
34	34	apply_source_formatting : true,
35		- extended_valid_elements : "applet[style\|archive\|codebase\|code\|height\|width],comment,iframe[src\|style\|allowtransparency\|frameborder\|width\|height]",
	35	+ extended_valid_elements : "applet[style\|archive\|codebase\|code\|height\|width],comment,iframe[src\|style\|allowtransparency\|frameborder\|width\|height\|scrolling]",
36	36	content_css: '/stylesheets/tinymce.css',
37	37	language: <%= tinymce_language.inspect %>,
38	38	entity_encoding: 'raw'
...	...
...	...	@@ -72,7 +72,7 @@ Rails::Initializer.run do \|config\|
72	72	}
73	73
74	74	# Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
75		- config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars'
	75	+ config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder'
76	76
77	77	# Adds custom tags to the Set of allowed html tags for the #sanitize helper
78	78	config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
...	...
...	...	@@ -83,4 +83,9 @@ class TinyMceArticleTest < Test::Unit::TestCase
83	83	assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body
84	84	end
85	85
	86	+ should 'allow iframe if it is from tv.softwarelivre.org' do
	87	+ article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
	88	+ assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"}
	89	+ end
	90	+
86	91	end
...	...
...	...	@@ -13,7 +13,7 @@ HTML::WhiteListSanitizer.module_eval do
13	13
14	14	if final_text =~ /iframe/
15	15	itheora_video = /<iframe(.)src=(.)itheora.org(.*)<\/iframe>/
16		- sl_video = /<iframe(.)src=\"http:\/\/stream.softwarelivre.org(.)<\/iframe>/
	16	+ sl_video = /<iframe(.)src=\"http:\/\/(stream\|tv).softwarelivre.org(.)<\/iframe>/
17	17	unless (final_text =~ itheora_video \|\| final_text =~ sl_video)
18	18	final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '')
19	19	end
...	...