Merge pull request #104 from keillera/mod_sani

ALIS-897: Modify to allow twitter
AlisProject · May 3, 2018 · f382b36 · f382b36
2 parents 0753100 + 7a54831
commit f382b36
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/src/common/text_sanitizer.py b/src/common/text_sanitizer.py
@@ -22,7 +22,7 @@ def allow_img_src(tag, name, value):
         return False
 
     @staticmethod
-    def allow_div_class(tag, name, value):
+    def allow_div_attributes(tag, name, value):
         if name == 'class':
             allow_classes = [
                 'medium-insert-images',
@@ -33,6 +33,9 @@ def allow_div_class(tag, name, value):
             ]
             if value in allow_classes:
                 return True
+        if name == 'data-alis-iframely-url':
+            p = urlparse(value)
+            return p.netloc == 'twitter.com'
         return False
 
     @staticmethod
@@ -63,7 +66,7 @@ def sanitize_article_body(text):
             attributes={
                 'a': ['href'],
                 'img': TextSanitizer.allow_img_src,
-                'div': TextSanitizer.allow_div_class,
+                'div': TextSanitizer.allow_div_attributes,
                 'figure': TextSanitizer.allow_figure_contenteditable,
                 'figcaption': TextSanitizer.allow_figcaption_attributes
             }

diff --git a/tests/common/test_text_sanitizer.py b/tests/common/test_text_sanitizer.py
@@ -67,6 +67,7 @@ def test_sanitize_article_body(self):
             </figure>
         </div>
         <a href="http://example.com">link</a>
+        <div data-alis-iframely-url="https://twitter.com/hoge">hoge</div>
         '''.format(domain=os.environ['DOMAIN'])
 
         result = TextSanitizer.sanitize_article_body(target_html)
@@ -138,6 +139,23 @@ def test_sanitize_article_body_with_div_unauthorized_class(self):
 
         self.assertEqual(result, expected_html)
 
+    def test_sanitize_article_body_with_div_unauthorized_url(self):
+        target_html = '''
+        <h2>sample h2</h2>
+        <div class='hoge piyo' data='aaa'></div>
+        <div data-alis-iframely-url="https://example.com/hoge">hoge</div>
+        '''
+
+        expected_html = '''
+        <h2>sample h2</h2>
+        <div></div>
+        <div>hoge</div>
+        '''
+
+        result = TextSanitizer.sanitize_article_body(target_html)
+
+        self.assertEqual(result, expected_html)
+
     def test_sanitize_article_body_with_figure_unauthorized_contenteditable(self):
         target_html = '''
         <h2>sample h2</h2>