From 722962f11bf1ebaf4721890e5e2216b68a122937 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com>
Date: Wed, 27 Oct 2021 10:16:49 +0200
Subject: [PATCH] #27

---
 app/models/research/journal/article.rb        |  2 +-
 app/services/wordpress.rb                     | 10 +++-
 db/schema.rb                                  |  2 +-
 .../university/schools_controller_test.rb     | 48 -------------------
 test/fixtures/university/schools.yml          | 21 --------
 test/models/university/school_test.rb         |  7 ---
 test/models/wordpress_test.rb                 |  3 +-
 7 files changed, 12 insertions(+), 81 deletions(-)
 delete mode 100644 test/controllers/university/schools_controller_test.rb
 delete mode 100644 test/fixtures/university/schools.yml
 delete mode 100644 test/models/university/school_test.rb

diff --git a/app/models/research/journal/article.rb b/app/models/research/journal/article.rb
index 6dbbde909..b389b460a 100644
--- a/app/models/research/journal/article.rb
+++ b/app/models/research/journal/article.rb
@@ -11,7 +11,7 @@
 #  text                       :text
 #  title                      :string
 #  created_at                 :datetime         not null
-#  updated_at                 :date             not null
+#  updated_at                 :datetime         not null
 #  research_journal_id        :uuid             not null
 #  research_journal_volume_id :uuid
 #  university_id              :uuid             not null
diff --git a/app/services/wordpress.rb b/app/services/wordpress.rb
index 927d58444..6eda98ebd 100644
--- a/app/services/wordpress.rb
+++ b/app/services/wordpress.rb
@@ -12,12 +12,18 @@ class Wordpress
 
   def self.clean_html(html)
     # Relaxed config : https://github.com/rgrove/sanitize/blob/main/lib/sanitize/config/relaxed.rb
+    # iframe attributes from MDN : https://developer.mozilla.org/fr/docs/Web/HTML/Element/iframe
     fragment = Sanitize.fragment(html, Sanitize::Config.merge(Sanitize::Config::RELAXED,
       attributes: Sanitize::Config::RELAXED[:attributes].merge({
         all: Sanitize::Config::RELAXED[:attributes][:all].dup.delete('class'),
-        'a' => Sanitize::Config::RELAXED[:attributes]['a'].dup.delete('rel')
+        'a' => Sanitize::Config::RELAXED[:attributes]['a'].dup.delete('rel'),
+        'iframe' => [
+          'allow', 'allowfullscreen', 'allowpaymentrequest', 'csp', 'height', 'loading',
+          'name', 'referrerpolicy', 'sandbox', 'src', 'srcdoc', 'width', 'align',
+          'frameborder', 'longdesc', 'marginheight', 'marginwidth', 'scrolling'
+        ]
       }),
-      elements: Set.new(Sanitize::Config::RELAXED[:elements]).delete('div'),
+      elements: Set.new(Sanitize::Config::RELAXED[:elements]).delete('div') + ['iframe'],
       whitespace_elements: {
         'div' => { :before => "", :after => "" }
       }
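Review bot: The new `'iframe'` attribute list admits `srcdoc` and puts no scheme restriction on `src`, so an iframe in imported content can carry markup or a URL that Sanitize never inspects. `srcdoc` holds a complete HTML document as an attribute value, and when the same tag has no `sandbox` attribute that document runs in the embedding page's origin. `src` looks unchecked as well, because Sanitize filters schemes only for attributes listed under `:protocols`, and this merge adds no `iframe` entry there. I would drop `'srcdoc'` from the list and add `protocols: { 'iframe' => { 'src' => ['https'] } }` to the merged config (assuming `Sanitize::Config.merge` deep-merges and keeps the RELAXED entries; worth confirming), and set `sandbox`, `allow` and `csp` on the server side rather than copying them from the input. `clean_html` continues past the end of this hunk.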
diff --git a/db/schema.rb b/db/schema.rb
index 2fa016e40..3b75d9b9f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -287,7 +287,7 @@ ActiveRecord::Schema.define(version: 2021_10_26_142142) do
     t.uuid "research_journal_id", null: false
     t.uuid "research_journal_volume_id"
     t.datetime "created_at", precision: 6, null: false
-    t.date "updated_at", null: false
+    t.datetime "updated_at", precision: 6, null: false
     t.uuid "updated_by_id"
     t.text "abstract"
     t.text "references"
diff --git a/test/controllers/university/schools_controller_test.rb b/test/controllers/university/schools_controller_test.rb
deleted file mode 100644
index cebe7f55a..000000000
--- a/test/controllers/university/schools_controller_test.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-require "test_helper"
-
-class University::SchoolsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-    @university_school = university_schools(:one)
-  end
-
-  test "should get index" do
-    get university_schools_url
-    assert_response :success
-  end
-
-  test "should get new" do
-    get new_university_school_url
-    assert_response :success
-  end
-
-  test "should create university_school" do
-    assert_difference('University::School.count') do
-      post university_schools_url, params: { university_school: { address: @university_school.address, city: @university_school.city, country: @university_school.country, latitude: @university_school.latitude, longitude: @university_school.longitude, name: @university_school.name, university_id: @university_school.university_id, zipcode: @university_school.zipcode } }
-    end
-
-    assert_redirected_to university_school_url(University::School.last)
-  end
-
-  test "should show university_school" do
-    get university_school_url(@university_school)
-    assert_response :success
-  end
-
-  test "should get edit" do
-    get edit_university_school_url(@university_school)
-    assert_response :success
-  end
-
-  test "should update university_school" do
-    patch university_school_url(@university_school), params: { university_school: { address: @university_school.address, city: @university_school.city, country: @university_school.country, latitude: @university_school.latitude, longitude: @university_school.longitude, name: @university_school.name, university_id: @university_school.university_id, zipcode: @university_school.zipcode } }
-    assert_redirected_to university_school_url(@university_school)
-  end
-
-  test "should destroy university_school" do
-    assert_difference('University::School.count', -1) do
-      delete university_school_url(@university_school)
-    end
-
-    assert_redirected_to university_schools_url
-  end
-end
diff --git a/test/fixtures/university/schools.yml b/test/fixtures/university/schools.yml
deleted file mode 100644
index b6652d0a1..000000000
--- a/test/fixtures/university/schools.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
-
-one:
-  university: one
-  name: MyString
-  address: MyString
-  zipcode: MyString
-  city: MyString
-  country: MyString
-  latitude: 1.5
-  longitude: 1.5
-
-two:
-  university: two
-  name: MyString
-  address: MyString
-  zipcode: MyString
-  city: MyString
-  country: MyString
-  latitude: 1.5
-  longitude: 1.5
diff --git a/test/models/university/school_test.rb b/test/models/university/school_test.rb
deleted file mode 100644
index f27e5f1bc..000000000
--- a/test/models/university/school_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require "test_helper"
-
-class University::SchoolTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
-end
diff --git a/test/models/wordpress_test.rb b/test/models/wordpress_test.rb
index 24a521050..8ab63b607 100644
--- a/test/models/wordpress_test.rb
+++ b/test/models/wordpress_test.rb
@@ -61,6 +61,7 @@ class WordpressTest < ActiveSupport::TestCase
   end
 
   test "authorize iframes" do
-
+    assert_equal "<figure><iframe loading=\"lazy\" title=\"Le Bachelor Universitaire de Technologie, qu'est-ce que c'est ? - LES IUT\" width=\"640\" height=\"360\" src=\"https://www.youtube.com/embed/5xbeKHi0txk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"></iframe></figure>",
+                 Wordpress.clean_html('<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper"><iframe loading="lazy" title="Le Bachelor Universitaire de Technologie, qu&#039;est-ce que c&#039;est ? - LES IUT" width="640" height="360" src="https://www.youtube.com/embed/5xbeKHi0txk?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></div></figure>')
   end
 end
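Review bot: The assertion added to "authorize iframes" pins only the accepted YouTube embed, so nothing fails if the iframe allowlist in `Wordpress.clean_html` passes more than intended. Add a companion case that feeds an iframe with a `srcdoc` attribute or a non-https `src` and asserts that the attribute is missing from the result, for example `assert_no_match(/srcdoc/, Wordpress.clean_html(html))`. `WordpressTest` starts outside this hunk, so an equivalent rejection test may already exist above line 61.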
-- 
GitLab