From 841273327f8849f85df04f144d2810c9ece964b2 Mon Sep 17 00:00:00 2001
From: Pierre Gordon <16200219+pierlon@users.noreply.github.com>
Date: Thu, 7 Nov 2019 16:41:32 -0500
Subject: [PATCH] Omit `mozallowfullscreen` & `webkitallowfullscreen` when
sanitizing iframe (#3698)
---
includes/sanitizers/class-amp-iframe-sanitizer.php | 5 +++++
tests/php/test-amp-iframe-sanitizer.php | 10 ++++++++++
2 files changed, 15 insertions(+)
diff --git a/includes/sanitizers/class-amp-iframe-sanitizer.php b/includes/sanitizers/class-amp-iframe-sanitizer.php
index d884a9135eb..786989f0386 100644
--- a/includes/sanitizers/class-amp-iframe-sanitizer.php
+++ b/includes/sanitizers/class-amp-iframe-sanitizer.php
@@ -217,6 +217,11 @@ private function normalize_attributes( $attributes ) {
}
break;
+ case 'mozallowfullscreen':
+ case 'webkitallowfullscreen':
+ // Omit these since amp-iframe will add them if needed if the `allowfullscreen` attribute is present.
+ break;
+
default:
$out[ $name ] = $value;
break;
diff --git a/tests/php/test-amp-iframe-sanitizer.php b/tests/php/test-amp-iframe-sanitizer.php
index 944af756757..b62c5838ccb 100644
--- a/tests/php/test-amp-iframe-sanitizer.php
+++ b/tests/php/test-amp-iframe-sanitizer.php
@@ -400,6 +400,16 @@ public function get_data() {
'add_dev_mode' => true,
],
],
+
+ 'iframe_with_mozallowfullscreen_and_webkitallowfullscreen_attrs' => [
+ '',
+ '
+
+
+ ',
+ ],
];
}