New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for mandatory_oneof and mandatory_anyof attribute constraints #938
Comments
This will be fixed by implementing support for See: |
This has come up again: https://wordpress.org/support/topic/how-to-add-allow-presentation-attribute-to-amp-iframe/ |
This came up yet again, but for a different reason: https://wordpress.org/support/topic/the-tag-iframe-is-missing-a-mandatory-attribute/ |
Compare with
Neither of these constraints are being applied currently. Per @choumx, “ |
Good catch that amp-script should use |
@choumx Should it? I thought this made sense because |
Correct, so an amp-script that has both |
So then should So this should be valid AMP: <amp-iframe
width="640"
height="480"
layout="responsive"
src="https://example.com"
srcdoc="<!doctype html> <html> <head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 50px; background-color: #fff; border-radius: 1em; } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { body { background-color: #fff; } div { width: auto; margin: 0 auto; border-radius: 0; padding: 1em; } } </style> </head> <body> <div> <h1>Example Domain</h1> <p>This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.</p> <p><a href="http://www.iana.org/domains/example">More information...</a></p> </div> </body> </html>"
>
<span placeholder>...</span>
</amp-iframe> But it is not. |
Do you know if there's a related bug on such browsers? Asking because it looks like amp-iframe converts srcdoc to a data URI under the hood: https://github.com/ampproject/amphtml/blob/a033bc12b94cde56887bdde7ea543c089d3502de/extensions/amp-iframe/0.1/amp-iframe.js#L255-L262 |
Interesting. I wasn't aware of that. If that's the case, where |
Implementation: Hi @westonruter, For the diff --git a/bin/amphtml-update.py b/bin/amphtml-update.py
index 469d74469..7d9bf7d42 100644
--- a/bin/amphtml-update.py
+++ b/bin/amphtml-update.py
@@ -708,6 +708,10 @@ def GetValues(attr_spec):
if attr_spec.HasField('mandatory'):
value_dict['mandatory'] = attr_spec.mandatory
+ if attr_spec.HasField('mandatory_oneof'):
+ mandatory_oneof = attr_spec.mandatory_oneof.lstrip('[').rstrip(']').split(', ')
+ value_dict['mandatory_oneof'] = [oneof.strip("'") for oneof in mandatory_oneof]
+
# Add allowed value
if attr_spec.value:
diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index 6786a213d..b3c6a0540 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -57,6 +57,7 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
const INVALID_BLACKLISTED_VALUE_REGEX = 'INVALID_BLACKLISTED_VALUE_REGEX';
const DISALLOWED_PROPERTY_IN_ATTR_VALUE = 'DISALLOWED_PROPERTY_IN_ATTR_VALUE';
const ATTR_REQUIRED_BUT_MISSING = 'ATTR_REQUIRED_BUT_MISSING';
+ const MANDATORY_ONEOF_ATTR_MISSING = 'MANDATORY_ONEOF_ATTR_MISSING';
const INVALID_LAYOUT_WIDTH = 'INVALID_LAYOUT_WIDTH';
const INVALID_LAYOUT_HEIGHT = 'INVALID_LAYOUT_HEIGHT';
const INVALID_LAYOUT_AUTO_HEIGHT = 'INVALID_LAYOUT_AUTO_HEIGHT';
@@ -729,6 +730,19 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
return null;
}
+ // If there is a 'mandatory_oneof' value and exactly one of the required attributes isn't present, remove the element.
+ if ( $this->is_missing_mandatory_oneof_attribute( $merged_attr_spec_list, $node ) ) {
+ $this->remove_invalid_child(
+ $node,
+ [
+ 'code' => self::MANDATORY_ONEOF_ATTR_MISSING,
+ // Maybe also include an 'attributes' value.
+ 'spec_name' => $this->get_spec_name( $node, $tag_spec ),
+ ]
+ );
+ return null;
+ }
+
// Add required AMP component scripts.
$script_components = [];
if ( ! empty( $tag_spec['requires_extension'] ) ) {
@@ -774,6 +788,8 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
return 0 !== count( $this->get_missing_mandatory_attributes( $attr_spec, $node ) );
}
+ private function is_missing_mandatory_oneof_attribute( $attr_spec, DOMElement $node ) {}
+
/**
* Get list of mandatory missing mandatory attributes.
* Also, It'll be good to avoid checking the same For example, the same
|
Seems like a good approach at first glance. |
Thanks! |
Whenever this is ready for QA, these testing instructions should be fine: #4285 (comment) |
Updated Testing Instruction Please use these instead.
<iframe src="about:blank"> ...should result in the
<amp-list width="400" height="400"></amp-list> |
Hi @kienstra - seeing the validation error as described above for the 2nd case, but looks different for the first. What I'm seeing is: |
Hi @csossi, Maybe there was a recent deployment that fixed this. But it looks like adding the markup from case 2 above to a Custom HTML block: <amp-list width="400" height="400"></amp-list> ...results in the expected message: Do you see that also? Thanks, Claudio! |
Verified in QA (able to replicate message above) |
Nice, thanks! |
Feature description
Someone had a
<iframe src="about:blank">
in a post on https://wordpress.org/support/topic/google-console-error/#post-9946202This is resulting in an
<amp-iframe>
being rendered but without asrc
attribute. The result is in valid AMP becausesrc
is mandatory.The whitelist sanitizer should be removing the
<amp-iframe>
in this case I should think. But otherwise, the iframe sanitizer itself can preemptively remove the iframe to ensure validity. Perhaps a placeholder could be put there in its place.Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
<iframe src="about:blank">
is in a post the whitelist sanitizer should be removing the<amp-iframe>
Implementation brief
QA testing instructions
Demo
Changelog entry
The text was updated successfully, but these errors were encountered: