From 07f0f2417b7fd237ad2c1d9f2af04aa384ef8345 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Mon, 11 Apr 2022 10:40:07 -0700 Subject: [PATCH] Fix collection of noscript-allowed attributes (#7036) --- includes/sanitizers/trait-amp-noscript-fallback.php | 10 ++++++++++ tests/php/test-amp-img-sanitizer.php | 9 +++++++++ 2 files changed, 19 insertions(+) diff --git a/includes/sanitizers/trait-amp-noscript-fallback.php b/includes/sanitizers/trait-amp-noscript-fallback.php index 8872cf112c9..9bd08f132d1 100644 --- a/includes/sanitizers/trait-amp-noscript-fallback.php +++ b/includes/sanitizers/trait-amp-noscript-fallback.php @@ -7,6 +7,7 @@ use AmpProject\Dom\Document; use AmpProject\Html\Attribute; +use AmpProject\Html\Tag; /** * Trait AMP_Noscript_Fallback @@ -43,6 +44,15 @@ protected function initialize_noscript_allowed_attributes( $tag ) { ); foreach ( AMP_Allowed_Tags_Generated::get_allowed_tag( $tag ) as $tag_spec ) { // Normally 1 iteration. + if ( + ! ( + ( isset( $tag_spec['tag_spec']['mandatory_ancestor'] ) && Tag::NOSCRIPT === $tag_spec['tag_spec']['mandatory_ancestor'] ) + || + ( isset( $tag_spec['tag_spec']['mandatory_parent'] ) && Tag::NOSCRIPT === $tag_spec['tag_spec']['mandatory_parent'] ) + ) + ) { + continue; + } foreach ( $tag_spec['attr_spec_list'] as $attr_name => $attr_spec ) { $this->noscript_fallback_allowed_attributes[ $attr_name ] = true; if ( isset( $attr_spec['alternative_names'] ) ) { diff --git a/tests/php/test-amp-img-sanitizer.php b/tests/php/test-amp-img-sanitizer.php index 9bbdaa0191d..26b3075a6b5 100644 --- a/tests/php/test-amp-img-sanitizer.php +++ b/tests/php/test-amp-img-sanitizer.php @@ -585,6 +585,15 @@ public function get_data() { 'fbpx', '', ], + + + 'hero_img_with_noscript_fallback' => [ + '', + '', + [ + 'native_img_used' => false, + ], + ], ]; }