FEATURE: whitelist lang attribute

2018-08-02 16:53:08 +10:00 · 2018-08-02 16:53:08 +10:00 · 0b3d51a8bc
parent b76d17881b
commit 0b3d51a8bc
2 changed files with 8 additions and 0 deletions
--- a/app/assets/javascripts/pretty-text/white-lister.js.es6
+++ b/app/assets/javascripts/pretty-text/white-lister.js.es6
@ -136,6 +136,7 @@ const DEFAULT_LIST = [
  "div.quote-controls",
  "div.title",
  "div[align]",
+  "div[lang]",
  "div[data-*]" /* This may seem a bit much but polls does
                    it anyway and this is needed for themes,
                    special code in sanitizer handles data-*
@ -170,9 +171,11 @@ const DEFAULT_LIST = [
  "ol",
  "ol[start]",
  "p",
+  "p[lang]",
  "pre",
  "s",
  "small",
+  "span[lang]",
  "span.excerpt",
  "span.hashtag",
  "span.mention",
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@ -1307,4 +1307,9 @@ HTML
    expect(cooked).to include("data-theme-a")
  end

+  it "whitelists lang attribute" do
+    cooked = PrettyText.cook("<p lang='fr'>tester</p><div lang='fr'>tester</div><span lang='fr'>tester</span>")
+    expect(cooked).to eq("<p lang=\"fr\">tester</p><div lang=\"fr\">tester</div><span lang=\"fr\">tester</span>")
+  end
+
 end