# frozen_string_literal: true require "spec_helper" describe OtwSanitize::MediaSanitizer do describe ".transformer" do it "returns a callable object" do transform = OtwSanitize::MediaSanitizer.transformer expect(transform).to respond_to(:call) end context "when sanitizing" do let(:config) do Sanitize::Config.merge( Sanitize::Config::BASIC, transformers: [ OtwSanitize::MediaSanitizer.transformer ] ) end it "allows audio elements" do html = "" content = Sanitize.fragment(html, config) expect(content).to match(/audio/) end it "allows video elements" do html = "" content = Sanitize.fragment(html, config) expect(content).to match(/video/) end it "adds video defaults" do html = "" content = Sanitize.fragment(html, config) expect(content).to match("controls=\"controls\"") expect(content).to match("crossorigin=\"anonymous\"") expect(content).to match("preload=\"metadata\"") expect(content).to match("playsinline=\"playsinline\"") end it "adds audio defaults" do html = "" content = Sanitize.fragment(html, config) expect(content).to match("controls=\"controls\"") expect(content).to match("crossorigin=\"anonymous\"") expect(content).to match("preload=\"metadata\"") end it "allows source elements" do html = " " content = Sanitize.fragment(html, config) expect(content).to match("flower.webm") end it "does not close source elements" do html = " " content = Sanitize.fragment(html, config) expect(content).to match("") end it "allows track elements" do html = " " content = Sanitize.fragment(html, config) expect(content).to match("japanese.vtt") end it "does not close track elements" do html = " " content = Sanitize.fragment(html, config) expect(content).to match("") end it "does not remove internal html" do html = "" content = Sanitize.fragment(html, config) expect(content).to match("

") expect(content).to match("xyz") end it "fills in values for allowlisted boolean attributes" do html = " " content = Sanitize.fragment(html, config) expect(content).to match('muted="muted"') expect(content).to match('loop="loop"') expect(content).to match('default="default"') end it "removes unallowlisted attributes" do html = " " content = Sanitize.fragment(html, config) expect(content).to match("source") expect(content).not_to match("onerror") expect(content).not_to match("alert") end it "removes javascript from poster attribute" do html = " " content = Sanitize.fragment(html, config) expect(content).not_to match("poster") expect(content).not_to match("javascript") end %w[audio video source track].each do |element| it "removes src on #{element} elements for unsupported protocols" do html = "<#{element} src='file://flower.mp4'>" content = Sanitize.fragment(html, config) expect(content).not_to match("src") expect(content).not_to match("file://") end end context "given a blacklisted source" do before do ArchiveConfig.BANNED_MULTIMEDIA_SRCS = ["google.com"] end after do ArchiveConfig.BANNED_MULTIMEDIA_SRCS = [] end it "strips the source element" do html = " " content = Sanitize.fragment(html, config) expect(content).not_to match("source") expect(content).not_to match("flower.mp4") end it "strips the track element" do html = " " content = Sanitize.fragment(html, config) expect(content).not_to match("track") expect(content).not_to match("japanese.vtt") end it "strips the video element" do html = " " content = Sanitize.fragment(html, config) expect(content).not_to match("video") expect(content).not_to match("flower.mp4") end it "strips the audio element" do html = " " content = Sanitize.fragment(html, config) expect(content).not_to match("audio") expect(content).not_to match("tune.mp3") end end end end end