jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1851 from umap-project/audio-video-tags

Browse source 
fix: allow audio and video tags (+attributes) in HTML
This commit is contained in:
David Larlet 2024-05-22 12:52:16 -04:00 committed by GitHub
commit ef705a862e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 60 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
umap/static/umap/js/modules/utils.js
View file

@ -84,11 +84,21 @@ export function escapeHTML(s) {
'div', 'div',
'iframe', 'iframe',
'img', 'img',
'audio',
'video',
'source',
'br', 'br',
'span', 'span',
], ],
ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'], ADD_ATTR: [
ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style', 'dir', 'title'], 'target',
'allow',
'allowfullscreen',
'frameborder',
'scrolling',
'controls',
],
ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style', 'dir', 'title', 'type'],
// Added: `geo:` URL scheme as defined in RFC5870: // Added: `geo:` URL scheme as defined in RFC5870:
// https://www.rfc-editor.org/rfc/rfc5870.html // https://www.rfc-editor.org/rfc/rfc5870.html
// The base RegExp comes from: // The base RegExp comes from:

64
umap/static/umap/unittests/utils.js
View file

@ -192,6 +192,24 @@ describe('Utils', function () {
) )
}) })
it('should not escape video tag with dedicated attributes', function () {
assert.equal(
Utils.escapeHTML(
'<video width="100%" height="281" controls><source type="video/mp4" src="movie.mp4"></video>'
),
'<video controls="" height="281" width="100%"><source src="movie.mp4" type="video/mp4"></video>'
)
})
it('should not escape audio tag with dedicated attributes', function () {
assert.equal(
Utils.escapeHTML(
'<audio controls><source type="audio/ogg" src="horse.ogg"></audio>'
),
'<audio controls=""><source src="horse.ogg" type="audio/ogg"></audio>'
)
})
it('should not fail with int value', function () { it('should not fail with int value', function () {
assert.equal(Utils.escapeHTML(25), '25') assert.equal(Utils.escapeHTML(25), '25')
}) })
@ -461,13 +479,12 @@ describe('Utils', function () {
}) })
describe('#normalize()', function () { describe('#normalize()', function () {
it('should remove accents', it('should remove accents', function () {
function () { // French é
// French é assert.equal(Utils.normalize('aéroport'), 'aeroport')
assert.equal(Utils.normalize('aéroport'), 'aeroport') // American é
// American é assert.equal(Utils.normalize('aéroport'), 'aeroport')
assert.equal(Utils.normalize('aéroport'), 'aeroport') })
})
}) })
describe('#sortFeatures()', function () { describe('#sortFeatures()', function () {
@ -530,17 +547,17 @@ describe('Utils', function () {
}) })
}) })
describe("#copyJSON", function () { describe('#copyJSON', function () {
it('should actually copy the JSON', function () { it('should actually copy the JSON', function () {
let originalJSON = { "some": "json" } let originalJSON = { some: 'json' }
let returned = Utils.CopyJSON(originalJSON) let returned = Utils.CopyJSON(originalJSON)
// Change the original JSON // Change the original JSON
originalJSON["anotherKey"] = "value" originalJSON['anotherKey'] = 'value'
// ensure the two aren't the same object // ensure the two aren't the same object
assert.notEqual(returned, originalJSON) assert.notEqual(returned, originalJSON)
assert.deepEqual(returned, { "some": "json" }) assert.deepEqual(returned, { some: 'json' })
}) })
}) })
@ -599,19 +616,34 @@ describe('Utils', function () {
}) })
describe('parseNaiveDate', () => { describe('parseNaiveDate', () => {
it('should parse a date', () => { it('should parse a date', () => {
assert.equal(Utils.parseNaiveDate("2024/03/04").toISOString(), "2024-03-04T00:00:00.000Z") assert.equal(
Utils.parseNaiveDate('2024/03/04').toISOString(),
'2024-03-04T00:00:00.000Z'
)
}) })
it('should parse a datetime', () => { it('should parse a datetime', () => {
assert.equal(Utils.parseNaiveDate("2024/03/04 12:13:14").toISOString(), "2024-03-04T00:00:00.000Z") assert.equal(
Utils.parseNaiveDate('2024/03/04 12:13:14').toISOString(),
'2024-03-04T00:00:00.000Z'
)
}) })
it('should parse an iso datetime', () => { it('should parse an iso datetime', () => {
assert.equal(Utils.parseNaiveDate("2024-03-04T00:00:00.000Z").toISOString(), "2024-03-04T00:00:00.000Z") assert.equal(
Utils.parseNaiveDate('2024-03-04T00:00:00.000Z').toISOString(),
'2024-03-04T00:00:00.000Z'
)
}) })
it('should parse a GMT time', () => { it('should parse a GMT time', () => {
assert.equal(Utils.parseNaiveDate("04 Mar 2024 00:12:00 GMT").toISOString(), "2024-03-04T00:00:00.000Z") assert.equal(
Utils.parseNaiveDate('04 Mar 2024 00:12:00 GMT').toISOString(),
'2024-03-04T00:00:00.000Z'
)
}) })
it('should parse a GMT time with explicit timezone', () => { it('should parse a GMT time with explicit timezone', () => {
assert.equal(Utils.parseNaiveDate("Thu, 04 Mar 2024 00:00:00 GMT+0300").toISOString(), "2024-03-03T00:00:00.000Z") assert.equal(
Utils.parseNaiveDate('Thu, 04 Mar 2024 00:00:00 GMT+0300').toISOString(),
'2024-03-03T00:00:00.000Z'
)
}) })
}) })
}) })