From 841273327f8849f85df04f144d2810c9ece964b2 Mon Sep 17 00:00:00 2001
From: Pierre Gordon <16200219+pierlon@users.noreply.github.com>
Date: Thu, 7 Nov 2019 16:41:32 -0500
Subject: [PATCH] Omit `mozallowfullscreen` & `webkitallowfullscreen` when sanitizing iframe (#3698)
---
 includes/sanitizers/class-amp-iframe-sanitizer.php | 5 +++++
 tests/php/test-amp-iframe-sanitizer.php | 10 ++++++++++
 2 files changed, 15 insertions(+)
diff --git a/includes/sanitizers/class-amp-iframe-sanitizer.php b/includes/sanitizers/class-amp-iframe-sanitizer.php
index d884a9135eb..786989f0386 100644
--- a/includes/sanitizers/class-amp-iframe-sanitizer.php
+++ b/includes/sanitizers/class-amp-iframe-sanitizer.php
@@ -217,6 +217,11 @@ private function normalize_attributes( $attributes ) {
 }
 break;
+ case 'mozallowfullscreen':
+ case 'webkitallowfullscreen':
+ // Omit these since amp-iframe will add them if needed if the `allowfullscreen` attribute is present.
+ break;
+
 default:
 $out[ $name ] = $value;
 break;
diff --git a/tests/php/test-amp-iframe-sanitizer.php b/tests/php/test-amp-iframe-sanitizer.php
index 944af756757..b62c5838ccb 100644
--- a/tests/php/test-amp-iframe-sanitizer.php
+++ b/tests/php/test-amp-iframe-sanitizer.php
@@ -400,6 +400,16 @@ public function get_data() {
 'add_dev_mode' => true, ], ], + + 'iframe_with_mozallowfullscreen_and_webkitallowfullscreen_attrs' => [ + '', + ' + + + ', + ], ]; }
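Review bot: The two new cases in normalize_attributes() drop `mozallowfullscreen` and `webkitallowfullscreen` unconditionally, but the comment only covers the case where `allowfullscreen` is also present. When an iframe carries only the prefixed forms, the output ends up with no fullscreen permission at all; that fails closed, which is a reasonable direction for a sanitizer, but it should be stated as intended rather than left implicit. I would reword the comment to something like `// Omit the vendor-prefixed forms: amp-iframe adds them itself when allowfullscreen is present; without it, fullscreen is deliberately not granted.` Separately, the `default:` branch visible in the context still copies any unlisted attribute to the output, so this switch works as a denylist and presumably relies on a later validation pass for everything it does not name. The switch starts and ends outside the hunk, so that last point cannot be confirmed from here.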