From 46176b7dd7f84ba22b13b5c905f9ac0fb82ee3ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Guitaut?=
Date: Wed, 6 Apr 2022 15:19:41 +0200
Subject: [PATCH] =?UTF-8?q?DEV:=20Don=E2=80=99t=20patch=20Sanitize::Config?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently we’re reopening the `Sanitize::Config` class (which is part of the `sanitize` gem) to put our custom config for Onebox in it. This is unnecessary as we can simply create a dedicated module to hold our custom configuration.
---
 lib/onebox.rb | 2 +-
 .../discourse_onebox_sanitize_config.rb | 18 ------------
 lib/onebox/preview.rb | 2 +-
 lib/onebox/sanitize_config.rb | 28 +++++++++++++------
 lib/oneboxer.rb | 2 +-
 5 files changed, 22 insertions(+), 30 deletions(-)
 delete mode 100644 lib/onebox/discourse_onebox_sanitize_config.rb
diff --git a/lib/onebox.rb b/lib/onebox.rb
index 12244ad75ec..e6e0eed187a 100644
--- a/lib/onebox.rb
+++ b/lib/onebox.rb
@@ -20,7 +20,7 @@ module Onebox
 load_paths: [File.join(Rails.root, "lib/onebox/templates")],
 allowed_ports: [80, 443],
 allowed_schemes: ["http", "https"],
- sanitize_config: Sanitize::Config::ONEBOX,
+ sanitize_config: SanitizeConfig::ONEBOX,
 redirect_limit: 5
 }
diff --git a/lib/onebox/discourse_onebox_sanitize_config.rb b/lib/onebox/discourse_onebox_sanitize_config.rb
deleted file mode 100644
index b9ab7ae64cb..00000000000
--- a/lib/onebox/discourse_onebox_sanitize_config.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Onebox
- class DiscourseOneboxSanitizeConfig
- module Config
- DISCOURSE_ONEBOX ||=
- Sanitize::Config.freeze_config(
- Sanitize::Config.merge(
- Sanitize::Config::ONEBOX,
- attributes: Sanitize::Config.merge(
- Sanitize::Config::ONEBOX[:attributes],
- 'aside' => [:data]
- )
- )
- )
- end
- end
-end
diff --git a/lib/onebox/preview.rb b/lib/onebox/preview.rb
index 9c856ed26ae..ade0dbe4809 100644
--- a/lib/onebox/preview.rb
+++ b/lib/onebox/preview.rb
@@ -81,7 +81,7 @@ module Onebox
 end
 def sanitize(html)
- config = @options[:sanitize_config] || Sanitize::Config::ONEBOX
+ config = @options[:sanitize_config] || SanitizeConfig::ONEBOX
 config = config.merge(allowed_iframe_regexes: @options[:allowed_iframe_regexes])
 Sanitize.fragment(html, config)
diff --git a/lib/onebox/sanitize_config.rb b/lib/onebox/sanitize_config.rb
index 59cb48e0408..0dedde853ee 100644
--- a/lib/onebox/sanitize_config.rb
+++ b/lib/onebox/sanitize_config.rb
@@ -1,15 +1,14 @@
 # frozen_string_literal: true
-class Sanitize
- module Config
-
+module Onebox
+ module SanitizeConfig
 HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze
- ONEBOX ||= freeze_config merge(RELAXED,
- elements: RELAXED[:elements] + %w[audio details embed iframe source video svg path],
+ ONEBOX ||= Sanitize::Config.freeze_config(Sanitize::Config.merge(Sanitize::Config::RELAXED,
+ elements: Sanitize::Config::RELAXED[:elements] + %w[audio details embed iframe source video svg path],
 attributes: {
- 'a' => RELAXED[:attributes]['a'] + %w(target),
+ 'a' => Sanitize::Config::RELAXED[:attributes]['a'] + %w(target),
 'audio' => %w[controls controlslist],
 'embed' => %w[height src type width],
 'iframe' => %w[allowfullscreen frameborder height scrolling src width data-original-href data-unsanitized-src],
@@ -29,7 +28,7 @@ class Sanitize
 }
 },
- transformers: (RELAXED[:transformers] || []) + [
+ transformers: (Sanitize::Config::RELAXED[:transformers] || []) + [
 lambda do |env|
 next unless env[:node_name] == 'a'
 a_tag = env[:node]
@@ -65,8 +64,19 @@ class Sanitize
 },
 css: {
- properties: RELAXED[:css][:properties] + %w[--aspect-ratio]
+ properties: Sanitize::Config::RELAXED[:css][:properties] + %w[--aspect-ratio]
 }
- )
+ ))
+
+ DISCOURSE_ONEBOX ||=
+ Sanitize::Config.freeze_config(
+ Sanitize::Config.merge(
+ ONEBOX,
+ attributes: Sanitize::Config.merge(
+ ONEBOX[:attributes],
+ 'aside' => [:data]
+ )
+ )
+ )
 end
 end
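Review bot: `ONEBOX ||=` in lib/onebox/sanitize_config.rb (and `DISCOURSE_ONEBOX ||=` in the last hunk of the same file) keeps conditional assignment, which presumably guarded against redefinition while the gem's `Sanitize::Config` was being reopened and is harder to justify in a module this project owns. With `||=`, whichever definition is evaluated first silently wins, so an earlier or stale allowlist under the same name would stay in effect without a redefinition warning. Unless the file is expected to be loaded more than once, plain assignment is easier to audit for a sanitizer allowlist: `ONEBOX = Sanitize::Config.freeze_config(Sanitize::Config.merge(Sanitize::Config::RELAXED,`. The constant's definition continues past this hunk.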
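Review bot: `DISCOURSE_ONEBOX` in the last hunk of lib/onebox/sanitize_config.rb is added without a comment saying how it differs from `ONEBOX` or why `'aside' => [:data]` is needed. In Sanitize the `:data` symbol permits any `data-*` attribute on the element, so this is the wider of the two allowlists and a caller choosing between them should be able to see that at the definition. Because the attribute list goes through `Sanitize::Config.merge`, an `'aside'` entry already present in `ONEBOX[:attributes]` (not visible in this diff) would presumably be replaced rather than extended, which is worth stating as well. Suggested comment above the constant: `# ONEBOX plus arbitrary data-* attributes on <aside>; passed as sanitize_config by Oneboxer.`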
diff --git a/lib/oneboxer.rb b/lib/oneboxer.rb
index 29585fdc54f..8efc2cf697d 100644
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@@ -425,7 +425,7 @@ module Oneboxer
 onebox_options = {
 max_width: 695,
- sanitize_config: Onebox::DiscourseOneboxSanitizeConfig::Config::DISCOURSE_ONEBOX,
+ sanitize_config: Onebox::SanitizeConfig::DISCOURSE_ONEBOX,
 allowed_iframe_origins: allowed_iframe_origins,
 hostname: GlobalSetting.hostname,
 facebook_app_access_token: SiteSetting.facebook_app_access_token,