-
Notifications
You must be signed in to change notification settings - Fork 383
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue #864: Subclass the 'Video' widget, in order to sanitize markup.
A PHPUnit test fails, as it's not yet sanitized. It needs to have an <amp-video>, and remove the 'style' attribute.
- Loading branch information
Ryan Kienstra
committed
Jan 18, 2018
1 parent
44287d8
commit c7268bf
Showing
4 changed files
with
113 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| <?php | ||
| /** | ||
| * Class AMP_Widget_Media_Video | ||
| * | ||
| * @package AMP | ||
| */ | ||
|
|
||
| /** | ||
| * Class AMP_Widget_Media_Video | ||
| * | ||
| * @package AMP | ||
| */ | ||
| class AMP_Widget_Media_Video extends WP_Widget_Media_Video { | ||
|
|
||
| /** | ||
| * Echoes the markup of the widget. | ||
| * | ||
| * @todo filter $output, to convert <video> to <amp-video> and remove the 'style' attribute. | ||
| * @see https://github.com/Automattic/amp-wp/issues/864 | ||
| * @param array $instance Data for widget. | ||
| * @return void. | ||
| */ | ||
| public function render_media( $instance ) { | ||
| ob_start(); | ||
| parent::render_media( $instance ); | ||
| $output = ob_get_clean(); | ||
| echo $output; // WPCS: XSS ok. | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| <?php | ||
| /** | ||
| * Tests for class AMP_Widget_Media_Video. | ||
| * | ||
| * @package AMP | ||
| */ | ||
|
|
||
| /** | ||
| * Tests for class AMP_Widget_Media_Video. | ||
| * | ||
| * @package AMP | ||
| */ | ||
| class Test_AMP_Widget_Media_Video extends WP_UnitTestCase { | ||
|
|
||
| /** | ||
| * Instance of the widget. | ||
| * | ||
| * @var object | ||
| */ | ||
| public $instance; | ||
|
|
||
| /** | ||
| * Setup. | ||
| * | ||
| * @inheritdoc | ||
| */ | ||
| public function setUp() { | ||
| parent::setUp(); | ||
| $amp_widgets = new AMP_Widgets(); | ||
| $amp_widgets->register_widgets(); | ||
| $this->instance = new AMP_Widget_Media_Video(); | ||
| } | ||
|
|
||
| /** | ||
| * Test construct(). | ||
| * | ||
| * @see AMP_Widget_Media_Video::__construct(). | ||
| */ | ||
| public function test_construct() { | ||
| global $wp_widget_factory; | ||
| $amp_widget = $wp_widget_factory->widgets['AMP_Widget_Media_Video']; | ||
|
|
||
| $this->assertEquals( 'media_video', $amp_widget->id_base ); | ||
| $this->assertEquals( 'Video', $amp_widget->name ); | ||
| $this->assertEquals( 'widget_media_video', $amp_widget->widget_options['classname'] ); | ||
| $this->assertEquals( true, $amp_widget->widget_options['customize_selective_refresh'] ); | ||
| $this->assertEquals( 'Displays a video from the media library or from YouTube, Vimeo, or another provider.', $amp_widget->widget_options['description'] ); | ||
| } | ||
|
|
||
| /** | ||
| * Test widget(). | ||
| * | ||
| * Mock video logic mainly copied from Test_WP_Widget_Media_image::test_render_media(). | ||
| * | ||
| * @see AMP_Widget_Media_Video::widget(). | ||
| */ | ||
| public function test_render_media() { | ||
| $video = '/tmp/small-video.mp4'; | ||
| copy( DIR_TESTDATA . '/uploads/small-video.mp4', $video ); | ||
| $attachment_id = self::factory()->attachment->create_object( array( | ||
| 'file' => $video, | ||
| 'post_parent' => 0, | ||
| 'post_mime_type' => 'video/mp4', | ||
| 'post_title' => 'Test Video', | ||
| ) ); | ||
| wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $video ) ); | ||
| $instance = array( | ||
| 'title' => 'Test Video Widget', | ||
| 'attachment_id' => $attachment_id, | ||
| 'url' => 'https://example.com/amp', | ||
| ); | ||
|
|
||
| ob_start(); | ||
| $this->instance->render_media( $instance ); | ||
| $output = ob_get_clean(); | ||
|
|
||
| $this->assertFalse( strpos( $output, '<video' ) ); | ||
| $this->assertFalse( strpos( $output, 'style=' ) ); | ||
| } | ||
|
|
||
| } |