Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let whitelist sanitizer dictate the required AMP scripts via spec #882

Merged
merged 5 commits into from
Jan 19, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 47 additions & 17 deletions bin/amphtml-update.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
Follow the steps below to generate a new version of the allowed tags class:

- Download a copy of the latet AMPHTML repository from github:

git clone git@github.com:ampproject/amphtml.git

- Copy this file into the repo's validator subdirectory:
Expand Down Expand Up @@ -149,6 +149,8 @@ def GenerateHeaderPHP(out):
out.append(' * Note: This file only contains tags that are relevant to the `body` of')
out.append(' * an AMP page. To include additional elements modify the variable')
out.append(' * `mandatory_parent_blacklist` in the amp_wp_build.py script.')
out.append(' *')
out.append(' * phpcs:ignoreFile')
out.append(' */')
out.append('class AMP_Allowed_Tags_Generated {')
out.append('')
Expand Down Expand Up @@ -223,15 +225,15 @@ def GenerateAttributesPHP(out, attributes, indent_level = 4):
indent = ''
for i in range(0,indent_level):
indent += '\t'

sorted_attributes = sorted(attributes.items())
for (attribute, values) in collections.OrderedDict(sorted_attributes).iteritems():
logging.info('generating php for attribute: %s...' % attribute.lower())
out.append('%s\'%s\' => array(' % (indent, attribute.lower()))
GeneratePropertiesPHP(out, values)
out.append('%s),' % indent)
logging.info('...done with: %s' % attribute.lower())

out.append('')
logging.info('... done')

Expand Down Expand Up @@ -305,26 +307,42 @@ def GenerateFooterPHP(out):
logging.info('entering ...')

# Output the footer.
out.append('\tpublic static function get_allowed_tags() {')
out.append('\t\treturn self::$allowed_tags;')
out.append('\t}')
out.append('')
out.append('''
/**
* Get allowed tags.
*
* @since 0.5
* @return array Allowed tags.
*/
public static function get_allowed_tags() {
return self::$allowed_tags;
}

/**
* Get list of globally-allowed attributes.
*
* @since 0.5
* @return array Allowed tag.
*/
public static function get_allowed_attributes() {
return self::$globally_allowed_attrs;
}

/**
* Get layout attributes.
*
* @since 0.5
* @return array Allowed tag.
*/
public static function get_layout_attributes() {
return self::$layout_allowed_attrs;
}''')

out.append('\tpublic static function get_allowed_attributes() {')
out.append('\t\treturn self::$globally_allowed_attrs;')
out.append('\t}')
out.append('')

out.append('\tpublic static function get_layout_attributes() {')
out.append('\t\treturn self::$layout_allowed_attrs;')
out.append('\t}')
out.append('')

out.append('}')
out.append('')

out.append('?>')
out.append('')
logging.info('... done')


Expand Down Expand Up @@ -434,6 +452,18 @@ def GetTagRules(tag_spec):
also_requires_tag_list.append(UnicodeEscape(also_requires_tag))
tag_rules['also_requires_tag'] = {'also_requires_tag': also_requires_tag_list}

if hasattr(tag_spec, 'requires_extension') and len( tag_spec.requires_extension ) != 0:
requires_extension_list = []
for requires_extension in tag_spec.requires_extension:
requires_extension_list.append(requires_extension)
tag_rules['requires_extension'] = {'requires_extension': requires_extension_list}

if hasattr(tag_spec, 'also_requires_tag_warning') and len( tag_spec.also_requires_tag_warning ) != 0:
also_requires_tag_warning_list = []
for also_requires_tag_warning in tag_spec.also_requires_tag_warning:
also_requires_tag_warning_list.append(also_requires_tag_warning)
tag_rules['also_requires_tag_warning'] = {'also_requires_tag_warning': also_requires_tag_warning_list}

if tag_spec.disallowed_ancestor:
disallowed_ancestor_list = []
for disallowed_ancestor in tag_spec.disallowed_ancestor:
Expand Down
3 changes: 2 additions & 1 deletion bin/amphtml-update.sh
Original file line number Diff line number Diff line change
Expand Up @@ -41,4 +41,5 @@ fi

# Run script.
python amphtml-update.py
cp amp_wp/class-amp-allowed-tags-generated.php ../../../includes/sanitizers/
mv amp_wp/class-amp-allowed-tags-generated.php ../../../includes/sanitizers/
rm -r amp_wp
16 changes: 0 additions & 16 deletions includes/class-amp-theme-support.php
Original file line number Diff line number Diff line change
Expand Up @@ -444,16 +444,6 @@ public static function filter_the_content( $content ) {
* @return string Scripts to inject into the HEAD.
*/
public static function get_amp_component_scripts( $html ) {

// @todo This should be integrated with the existing Sanitizer classes so that duplication is not done here.
$amp_components = array(
'amp-form' => array(
'pattern' => '#<(form|input)\b#i',
'source' => 'https://cdn.ampproject.org/v0/amp-form-0.1.js',
),
// @todo Add more.
);

$amp_scripts = self::$amp_scripts;

foreach ( self::$embed_handlers as $embed_handler ) {
Expand All @@ -463,12 +453,6 @@ public static function get_amp_component_scripts( $html ) {
);
}

foreach ( $amp_components as $component => $props ) {
if ( preg_match( $props['pattern'], $html ) ) {
$amp_scripts[ $component ] = $props['source'];
}
}

/**
* Filters AMP component scripts before they are injected onto the output buffer for the response.
*
Expand Down
Loading