Download as
Browse Code »

Commit a8383d7c1579bcc3de09cab3a4a4c8bb254b2fd7

Authored by Joenio Costa
1 parent f2e26544
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

Fixing embeds from tv.softwarelivre.org 

(ActionItem1600)
Showing 4 changed files with 8 additions and 3 deletions   Show diff stats
app/views/shared/tiny_mce.rhtml
  Diff comments   View file @a8383d7
@@ -32,7 +32,7 @@ tinyMCE.init({ @@ -32,7 +32,7 @@ tinyMCE.init({
32 paste_insert_word_content_callback : "convertWord", 32 paste_insert_word_content_callback : "convertWord",
33 paste_use_dialog: false, 33 paste_use_dialog: false,
34 apply_source_formatting : true, 34 apply_source_formatting : true,
35 - extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height]", 35 + extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling]",
36 content_css: '/stylesheets/tinymce.css', 36 content_css: '/stylesheets/tinymce.css',
37 language: <%= tinymce_language.inspect %>, 37 language: <%= tinymce_language.inspect %>,
38 entity_encoding: 'raw' 38 entity_encoding: 'raw'
config/environment.rb
  Diff comments   View file @a8383d7
@@ -72,7 +72,7 @@ Rails::Initializer.run do |config| @@ -72,7 +72,7 @@ Rails::Initializer.run do |config|
72 } 72 }
73 73
74 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper 74 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
75 - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars' 75 + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder'
76 76
77 # Adds custom tags to the Set of allowed html tags for the #sanitize helper 77 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
78 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe' 78 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe'
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @a8383d7
@@ -83,4 +83,9 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase @@ -83,4 +83,9 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
83 assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body 83 assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body
84 end 84 end
85 85
  86 + should 'allow iframe if it is from tv.softwarelivre.org' do
  87 + article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
  88 + assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"}
  89 + end
  90 +
86 end 91 end
vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
  Diff comments   View file @a8383d7
@@ -13,7 +13,7 @@ HTML::WhiteListSanitizer.module_eval do @@ -13,7 +13,7 @@ HTML::WhiteListSanitizer.module_eval do
13 13
14 if final_text =~ /iframe/ 14 if final_text =~ /iframe/
15 itheora_video = /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/ 15 itheora_video = /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/
16 - sl_video = /<iframe(.*)src=\"http:\/\/stream.softwarelivre.org(.*)<\/iframe>/ 16 + sl_video = /<iframe(.*)src=\"http:\/\/(stream|tv).softwarelivre.org(.*)<\/iframe>/
17 unless (final_text =~ itheora_video || final_text =~ sl_video) 17 unless (final_text =~ itheora_video || final_text =~ sl_video)
18 final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '') 18 final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '')
19 end 19 end