From 7a5483188f7f2e687a10b10f8f6402549d10ef22 Mon Sep 17 00:00:00 2001
From: keillera
Date: Thu, 3 May 2018 20:24:11 +0900
Subject: [PATCH] Modify to allow twitter
---
 src/common/text_sanitizer.py | 7 +++++--
 tests/common/test_text_sanitizer.py | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/common/text_sanitizer.py b/src/common/text_sanitizer.py
index 40c85198..ab8b6728 100644
--- a/src/common/text_sanitizer.py
+++ b/src/common/text_sanitizer.py
@@ -22,7 +22,7 @@ def allow_img_src(tag, name, value):
 return False
 @staticmethod
- def allow_div_class(tag, name, value):
+ def allow_div_attributes(tag, name, value):
 if name == 'class':
 allow_classes = [
 'medium-insert-images',
@@ -33,6 +33,9 @@ def allow_div_class(tag, name, value):
 ]
 if value in allow_classes:
 return True
+ if name == 'data-alis-iframely-url':
+ p = urlparse(value)
+ return p.netloc == 'twitter.com'
 return False
 @staticmethod
@@ -63,7 +66,7 @@ def sanitize_article_body(text):
 attributes={
 'a': ['href'],
 'img': TextSanitizer.allow_img_src,
- 'div': TextSanitizer.allow_div_class,
+ 'div': TextSanitizer.allow_div_attributes,
 'figure': TextSanitizer.allow_figure_contenteditable,
 'figcaption': TextSanitizer.allow_figcaption_attributes
 }
diff --git a/tests/common/test_text_sanitizer.py b/tests/common/test_text_sanitizer.py
index 2bc89c81..bfabeaf7 100644
--- a/tests/common/test_text_sanitizer.py
+++ b/tests/common/test_text_sanitizer.py
@@ -67,6 +67,7 @@ def test_sanitize_article_body(self):
 link
+
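Review bot: The new `data-alis-iframely-url` branch in the `@@ -33,6 +33,9 @@` hunk compares only `p.netloc` with `'twitter.com'`, so the URL scheme is left unconstrained: a scheme-less `//twitter.com/...` value, or any non-HTTPS scheme carrying that authority, passes the allow-list. If the front end hands this attribute to an embed loader (not visible here), that is wider than the commit title suggests; I would pin the scheme as well with `return p.scheme == 'https' and p.netloc == 'twitter.com'`. `urlparse` can also raise `ValueError` on a malformed authority, and because this callback runs on user-submitted article HTML it is worth catching that and returning `False` instead of letting sanitization fail. `allow_div_attributes` begins in the previous hunk and the file's imports are not shown, so confirm `urlparse` is already in scope; a short comment such as `# only https://twitter.com/... may be embedded via iframely` would record the intent.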
hoge
'''.format(domain=os.environ['DOMAIN'])
 result = TextSanitizer.sanitize_article_body(target_html)
@@ -138,6 +139,23 @@ def test_sanitize_article_body_with_div_unauthorized_class(self):
 self.assertEqual(result, expected_html)
+ def test_sanitize_article_body_with_div_unauthorized_url(self):
+ target_html = '''
+

sample h2

+
+
hoge
+ '''
+
+ expected_html = '''
+

sample h2

+
+
hoge
+ '''
+
+ result = TextSanitizer.sanitize_article_body(target_html)
+
+ self.assertEqual(result, expected_html)
+
 def test_sanitize_article_body_with_figure_unauthorized_contenteditable(self):
 target_html = '''

sample h2