Merge pull request #892 from Automattic/fix/script-tags-output-cdata

Address an issue where <script> tags aren't stripped.
ampproject · Jan 24, 2018 · 0e494a7 · 0e494a7
2 parents a5629f9 + d25e48f
commit 0e494a7
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 1,444 deletions.
diff --git a/bin/amphtml-fix.diff b/bin/amphtml-fix.diff
diff --git a/bin/amphtml-update.py b/bin/amphtml-update.py
@@ -5,7 +5,7 @@
 Follow the steps below to generate a new version of the allowed tags class:
 
 - Download a copy of the latet AMPHTML repository from github:
-	
+
 	git clone [email protected]:ampproject/amphtml.git
 
 - Copy this file into the repo's validator subdirectory:
@@ -99,7 +99,7 @@ def GenValidatorProtoascii(out_dir):
 
 
 def GeneratePHP(out_dir):
-	"""Calls validator_gen_md to generate validator-generated.md.
+	"""Generates PHP for WordPress AMP plugin to consume.
 
 	Args:
 		out_dir: directory name of the output directory. Must not have slashes,
@@ -223,15 +223,15 @@ def GenerateAttributesPHP(out, attributes, indent_level = 4):
 	indent = ''
 	for i in range(0,indent_level):
 		indent += '\t'
-	
+
 	sorted_attributes = sorted(attributes.items())
 	for (attribute, values) in collections.OrderedDict(sorted_attributes).iteritems():
 		logging.info('generating php for attribute: %s...' % attribute.lower())
 		out.append('%s\'%s\' => array(' % (indent, attribute.lower()))
 		GeneratePropertiesPHP(out, values)
 		out.append('%s),' % indent)
 		logging.info('...done with: %s' % attribute.lower())
-	
+
 	out.append('')
 	logging.info('... done')
 
@@ -336,7 +336,6 @@ def ParseRules(out_dir):
 	# are checked by CheckPrereqs.
 	from google.protobuf import text_format
 	from amp_wp import validator_pb2
-	import validator_gen_md
 
 	allowed_tags = {}
 	attr_lists = {}
@@ -399,7 +398,14 @@ def ParseRules(out_dir):
 				else:
 					tag_list = allowed_tags[UnicodeEscape(tag_spec.tag_name)]
 				# AddTag(allowed_tags, tag_spec, attr_lists)
-				tag_list.append(GetTagSpec(tag_spec, attr_lists))
+
+				gotten_tag_spec = GetTagSpec(tag_spec, attr_lists)
+
+				# Temporarily skip extension SCRIPT elemeents which appear in the HEAD.
+				if 'SCRIPT' == tag_spec.tag_name and gotten_tag_spec['tag_spec'].get( '_is_extension_spec', False ):
+					continue
+
+				tag_list.append(gotten_tag_spec)
 				allowed_tags[UnicodeEscape(tag_spec.tag_name)] = tag_list
 
 	logging.info('... done')
@@ -449,6 +455,9 @@ def GetTagRules(tag_spec):
 				html_format_list.append('amp4ads')
 		tag_rules['html_format'] = {'html_format': html_format_list}
 
+	if tag_spec.HasField('extension_spec'):
+		tag_rules['_is_extension_spec'] = True;
+
 	if tag_spec.HasField('mandatory'):
 		tag_rules['mandatory'] = tag_spec.mandatory
 

diff --git a/bin/amphtml-update.sh b/bin/amphtml-update.sh
@@ -27,18 +27,15 @@ if [[ ! -e $VENDOR_PATH/amphtml ]]; then
 	git clone https://github.com/ampproject/amphtml amphtml
 else
 	cd $VENDOR_PATH/amphtml/validator
-	git pull
+	if [ 'master' == $( git rev-parse --abbrev-ref HEAD ) ]; then
+		git pull origin master
+	fi
 fi
 
 # Copy script to location and go there.
 cp $BIN_PATH/amphtml-update.py $VENDOR_PATH/amphtml/validator
 cd $VENDOR_PATH/amphtml/validator
 
-# Temporary fix until https://github.com/ampproject/amphtml/issues/12371 is addressed.
-if [ ! -f $VENDOR_PATH/amphtml/validator/validator_gen_md.py ]; then
-	git apply $BIN_PATH/amphtml-fix.diff
-fi
-
 # Run script.
 python amphtml-update.py
 cp amp_wp/class-amp-allowed-tags-generated.php ../../../includes/sanitizers/