Download as
Browse Code »

Commit e28dc32c478c517bc939ab590c2bc4dddbbbde06

Authored by Daniela Feitosa
1 parent 59897e5e
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

Allowed html5 video and audio tags when sanitizing 

Also, added max-width on css to avoid overflowing when using those tags
(ActionItem2740)
Showing 4 changed files with 18 additions and 4 deletions   Show diff stats
app/views/shared/tiny_mce.rhtml
  Diff comments   View file @e28dc32
@@ -70,7 +70,7 @@ tinyMCE.init({ @@ -70,7 +70,7 @@ tinyMCE.init({
70 paste_insert_word_content_callback : "convertWord", 70 paste_insert_word_content_callback : "convertWord",
71 paste_use_dialog: false, 71 paste_use_dialog: false,
72 apply_source_formatting : true, 72 apply_source_formatting : true,
73 - extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]", 73 + extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width],audio[controls|autoplay],video[controls|autoplay],source[src|type]",
74 content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>', 74 content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>',
75 language: <%= tinymce_language.inspect %>, 75 language: <%= tinymce_language.inspect %>,
76 entity_encoding: 'raw', 76 entity_encoding: 'raw',
config/environment.rb
  Diff comments   View file @e28dc32
@@ -85,10 +85,10 @@ Rails::Initializer.run do |config| @@ -85,10 +85,10 @@ Rails::Initializer.run do |config|
85 } 85 }
86 86
87 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper 87 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
88 - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder' 88 + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay'
89 89
90 # Adds custom tags to the Set of allowed html tags for the #sanitize helper 90 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
91 - config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe' 91 + config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source'
92 92
93 # See Rails::Configuration for more options 93 # See Rails::Configuration for more options
94 94
public/stylesheets/application.css
  Diff comments   View file @e28dc32
@@ -1414,7 +1414,9 @@ a.comment-picture { @@ -1414,7 +1414,9 @@ a.comment-picture {
1414 display: inline; 1414 display: inline;
1415 } 1415 }
1416 #content #boxes .box-1 .article-block img, 1416 #content #boxes .box-1 .article-block img,
1417 -#content #article .article-body img { 1417 +#content #article .article-body img,
  1418 +#content #article .article-body video,
  1419 +#content #article .article-body audio {
1418 max-width: 100%; 1420 max-width: 100%;
1419 height: auto; 1421 height: auto;
1420 } 1422 }
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @e28dc32
@@ -224,4 +224,16 @@ end @@ -224,4 +224,16 @@ end
224 assert TinyMceArticle.new.tiny_mce? 224 assert TinyMceArticle.new.tiny_mce?
225 end 225 end
226 226
  227 + should 'not sanitize html5 audio tag on body' do
  228 + article = TinyMceArticle.create!(:name => 'html5 audio', :body => "Audio: <audio controls='controls'><source src='http://example.ogg' type='audio/ogg' />Audio not playing?.</audio>", :profile => profile)
  229 + assert_tag_in_string article.body, :tag => 'audio', :attributes => {:controls => 'controls'}
  230 + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogg', :type => 'audio/ogg'}
  231 + end
  232 +
  233 + should 'not sanitize html5 video tag on body' do
  234 + article = TinyMceArticle.create!(:name => 'html5 video', :body => "Video: <video controls='controls' autoplay='autoplay'><source src='http://example.ogv' type='video/ogg' />Video not playing?</video>", :profile => profile)
  235 + assert_tag_in_string article.body, :tag => 'video', :attributes => {:controls => 'controls', :autoplay => 'autoplay'}
  236 + assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'}
  237 + end
  238 +
227 end 239 end