Added twitch.tv to allowed sites to be sanitized (#3021)

Seneca-CDOT · Feb 21, 2022 · 8f04242 · 8f04242
1 parent 1b7ae4c
commit 8f04242
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/src/backend/utils/html/sanitize.js b/src/backend/utils/html/sanitize.js
@@ -49,6 +49,7 @@ module.exports = function (dirty) {
     },
     allowedIframeHostnames: [
       'www.youtube.com',
+      'www.twitch.tv',
       'player.vimeo.com',
       'giphy.com',
       'cdn.embedly.com',

diff --git a/src/backend/web/app.js b/src/backend/web/app.js
@@ -23,7 +23,7 @@ app.use(
             directives: {
               defaultSrc: ["'self'"],
               fontSrc: ["'self'", 'https:', 'data:'],
-              frameSrc: ["'self'", '*.youtube.com', '*.vimeo.com'],
+              frameSrc: ["'self'", '*.youtube.com', '*.vimeo.com', '*.twitch.tv'],
               frameAncestors: ["'self'"],
               imgSrc: ["'self'", 'data:', 'https:'],
               scriptSrc: [

diff --git a/test/sanitize-html.test.js b/test/sanitize-html.test.js
@@ -143,4 +143,9 @@ describe('Sanitize HTML', () => {
       '<table><tbody><tr><td><a href="www.senecacollege.ca"><img src="https://1.bp.blogspot.com/11.JPG" /></a></td></tr><tr><td>The Final Product</td></tr></tbody></table>'
     );
   });
+
+  test('twitch.tv embedded content should not be removed', () => {
+    const data = sanitizeHTML('<iframe src="https://www.twitch.tv/0pensrc"></iframe>');
+    expect(data).toBe('<iframe src="https://www.twitch.tv/0pensrc"></iframe>');
+  });
 });