Add sanitization reporting

amp.php

@@ -95,6 +95,7 @@ function amp_after_setup_theme() {
 	add_action( 'wp_loaded', 'amp_add_options_menu' );
 	add_action( 'parse_query', 'amp_correct_query_when_is_front_page' );
 	AMP_Post_Type_Support::add_post_type_support();
+	AMP_Validation_Utils::init();
 }
 add_action( 'after_setup_theme', 'amp_after_setup_theme', 5 );
 

includes/class-amp-autoloader.php

@@ -83,6 +83,7 @@ class AMP_Autoloader {
 		'AMP_DOM_Utils'                               => 'includes/utils/class-amp-dom-utils',
 		'AMP_HTML_Utils'                              => 'includes/utils/class-amp-html-utils',
 		'AMP_Image_Dimension_Extractor'               => 'includes/utils/class-amp-image-dimension-extractor',
+		'AMP_Validation_Utils'                        => 'includes/utils/class-amp-validation-utils',
 		'AMP_String_Utils'                            => 'includes/utils/class-amp-string-utils',
 		'AMP_WP_Utils'                                => 'includes/utils/class-amp-wp-utils',
 		'AMP_Widget_Archives'                         => 'includes/widgets/class-amp-widget-archives',

includes/class-amp-theme-support.php

@@ -760,13 +760,27 @@ public static function finish_output_buffering() {
 	 *
 	 * @since 0.7
 	 *
-	 * @param string $response HTML document response.
+	 * @param string $response HTML document response. By default it expects a complete document.
+	 * @param array  $args {
+	 *     Args to send to the preprocessor/sanitizer.
+	 *
+	 *     @type callable $remove_invalid_callback Function to call whenever a node is removed due to being invalid.
+	 * }
 	 * @return string AMP document response.
 	 * @global int $content_width
 	 */
-	public static function prepare_response( $response ) {
+	public static function prepare_response( $response, $args = array() ) {
 		global $content_width;
 
+		$args = array_merge(
+			array(
+				'content_max_width'       => ! empty( $content_width ) ? $content_width : AMP_Post_Template::CONTENT_MAX_WIDTH, // Back-compat.
+				'use_document_element'    => true,
+				'remove_invalid_callback' => null,
+			),
+			$args
+		);
+
 		/*
 		 * Make sure that <meta charset> is present in output prior to parsing.
 		 * Note that the meta charset is supposed to appear within the first 1024 bytes.
@@ -780,11 +794,7 @@ public static function prepare_response( $response ) {
 				1
 			);
 		}
-		$dom  = AMP_DOM_Utils::get_dom( $response );
-		$args = array(
-			'content_max_width'    => ! empty( $content_width ) ? $content_width : AMP_Post_Template::CONTENT_MAX_WIDTH, // Back-compat.
-			'use_document_element' => true,
-		);
+		$dom = AMP_DOM_Utils::get_dom( $response );
 
 		// First ensure the mandatory amp attribute is present on the html element, as otherwise it will be stripped entirely.
 		if ( ! $dom->documentElement->hasAttribute( 'amp' ) && ! $dom->documentElement->hasAttribute( '⚡️' ) ) {
@@ -798,7 +808,7 @@ public static function prepare_response( $response ) {
 		// @todo If 'utf-8' is not the blog charset, then we'll need to do some character encoding conversation or "entityification".
 		if ( 'utf-8' !== strtolower( get_bloginfo( 'charset' ) ) ) {
 			/* translators: %s is the charset of the current site */
-			trigger_error( esc_html( sprintf( __( 'The database has the %s encoding when it needs to be utf-8 to work with AMP.', 'amp' ), get_bloginfo( 'charset' ) ), E_USER_WARNING ) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
+			trigger_error( esc_html( sprintf( __( 'The database has the %s encoding when it needs to be utf-8 to work with AMP.', 'amp' ), get_bloginfo( 'charset' ) ) ), E_USER_WARNING ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
 		}
 
 		$response  = "<!DOCTYPE html>\n";

includes/sanitizers/class-amp-audio-sanitizer.php

@@ -81,7 +81,7 @@ public function sanitize() {
 			 * @see: https://github.com/ampproject/amphtml/issues/2261
 			 */
 			if ( 0 === $new_node->childNodes->length && empty( $new_attributes['src'] ) ) {
-				$node->parentNode->removeChild( $node );
+				$this->remove_invalid_child( $node );
 			} else {
 				$node->parentNode->replaceChild( $new_node, $node );
 			}

includes/sanitizers/class-amp-base-sanitizer.php

@@ -304,4 +304,42 @@ public function maybe_enforce_https_src( $src, $force_https = false ) {
 
 		return $src;
 	}
+
+	/**
+	 * Removes an invalid child of a node.
+	 *
+	 * Also, calls the mutation callback for it.
+	 * This tracks all the nodes that were removed.
+	 *
+	 * @since 0.7
+	 *
+	 * @param DOMElement $child The node to remove.
+	 * @return void.
+	 */
+	public function remove_invalid_child( $child ) {
+		$child->parentNode->removeChild( $child );
+		if ( isset( $this->args['remove_invalid_callback'] ) ) {
+			call_user_func( $this->args['remove_invalid_callback'], $child, AMP_Validation_Utils::NODE_REMOVED );
+		}
+	}
+
+	/**
+	 * Removes an invalid attribute of a node.
+	 *
+	 * Also, calls the mutation callback for it.
+	 * This tracks all the attributes that were removed.
+	 *
+	 * @since 0.7
+	 *
+	 * @param DOMElement $element   The node for which to remove the attribute.
+	 * @param string     $attribute The attribute to remove from the node.
+	 * @return void.
+	 */
+	public function remove_invalid_attribute( $element, $attribute ) {
+		$element->removeAttribute( $attribute );
+		if ( isset( $this->args['remove_invalid_callback'] ) ) {
+			call_user_func( $this->args['remove_invalid_callback'], $element, AMP_Validation_Utils::ATTRIBUTE_REMOVED, $attribute );
+		}
+	}
+
 }

includes/sanitizers/class-amp-blacklist-sanitizer.php

@@ -73,13 +73,13 @@ private function strip_attributes_recursive( $node, $bad_attributes, $bad_protoc
 				$attribute      = $node->attributes->item( $i );
 				$attribute_name = strtolower( $attribute->name );
 				if ( in_array( $attribute_name, $bad_attributes, true ) ) {
-					$node->removeAttribute( $attribute_name );
+					$this->remove_invalid_attribute( $node, $attribute_name );
 					continue;
 				}
 
 				// The on* attributes (like onclick) are a special case.
 				if ( 0 === stripos( $attribute_name, 'on' ) && 'on' !== $attribute_name ) {
-					$node->removeAttribute( $attribute_name );
+					$this->remove_invalid_attribute( $node, $attribute_name );
 					continue;
 				} elseif ( 'a' === $node_name ) {
 					$this->sanitize_a_attribute( $node, $attribute );
@@ -112,10 +112,10 @@ private function strip_tags( $node, $tag_names ) {
 			for ( $i = $length - 1; $i >= 0; $i-- ) {
 				$element     = $elements->item( $i );
 				$parent_node = $element->parentNode;
-				$parent_node->removeChild( $element );
+				$this->remove_invalid_child( $element );
 
 				if ( 'body' !== $parent_node->nodeName && AMP_DOM_Utils::is_node_empty( $parent_node ) ) {
-					$parent_node->parentNode->removeChild( $parent_node );
+					$this->remove_invalid_child( $parent_node );
 				}
 			}
 		}
@@ -134,13 +134,13 @@ private function sanitize_a_attribute( $node, $attribute ) {
 			$old_value = $attribute->value;
 			$new_value = trim( preg_replace( self::PATTERN_REL_WP_ATTACHMENT, '', $old_value ) );
 			if ( empty( $new_value ) ) {
-				$node->removeAttribute( $attribute_name );
+				$this->remove_invalid_attribute( $node, $attribute_name );
 			} elseif ( $old_value !== $new_value ) {
 				$node->setAttribute( $attribute_name, $new_value );
 			}
 		} elseif ( 'rev' === $attribute_name ) {
 			// rev removed from HTML5 spec, which was used by Jetpack Markdown.
-			$node->removeAttribute( $attribute_name );
+			$this->remove_invalid_attribute( $node, $attribute_name );
 		} elseif ( 'target' === $attribute_name ) {
 			// _blank is the only allowed value and it must be lowercase.
 			// replace _new with _blank and others should simply be removed.
@@ -150,7 +150,7 @@ private function sanitize_a_attribute( $node, $attribute ) {
 				$node->setAttribute( $attribute_name, '_blank' );
 			} else {
 				// Only _blank is allowed.
-				$node->removeAttribute( $attribute_name );
+				$this->remove_invalid_attribute( $node, $attribute_name );
 			}
 		}
 	}
@@ -219,7 +219,7 @@ private function replace_node_with_children( $node, $bad_attributes, $bad_protoc
 
 		// Remove the node from the parent, if defined.
 		if ( $node->parentNode ) {
-			$node->parentNode->removeChild( $node );
+			$this->remove_invalid_child( $node );
 		}
 	}
 

includes/sanitizers/class-amp-iframe-sanitizer.php

@@ -74,7 +74,7 @@ public function sanitize() {
 			 * @see: https://github.com/ampproject/amphtml/issues/2261
 			 */
 			if ( empty( $new_attributes['src'] ) ) {
-				$node->parentNode->removeChild( $node );
+				$this->remove_invalid_child( $node );
 				continue;
 			}
 
@@ -193,4 +193,5 @@ private function build_placeholder( $parent_attributes ) {
 
 		return $placeholder_node;
 	}
+
 }

includes/sanitizers/class-amp-img-sanitizer.php

@@ -74,7 +74,7 @@ public function sanitize() {
 			}
 
 			if ( ! $node->hasAttribute( 'src' ) || '' === $node->getAttribute( 'src' ) ) {
-				$node->parentNode->removeChild( $node );
+				$this->remove_invalid_child( $node );
 				continue;
 			}
 

includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php

@@ -704,6 +704,9 @@ private function sanitize_disallowed_attributes_in_node( $node, $attr_spec_list
 
 		foreach ( $attrs_to_remove as $attr ) {
 			$node->removeAttributeNode( $attr );
+			if ( isset( $this->args['remove_invalid_callback'], $attr->name ) ) {
+				call_user_func( $this->args['remove_invalid_callback'], $node, AMP_Validation_Utils::ATTRIBUTE_REMOVED, $attr->name );
+			}
 		}
 	}
 
@@ -809,7 +812,7 @@ private function delegated_sanitize_disallowed_attribute_values_in_node( $node,
 				( true === $attr_spec_list[ $attr_name ][ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOW_EMPTY ] ) ) {
 				$node->setAttribute( $attr_name, '' );
 			} else {
-				$node->removeAttribute( $attr_name );
+				$this->remove_invalid_attribute( $node, $attr_name );
 			}
 		}
 	}
@@ -1448,13 +1451,13 @@ private function remove_node( $node ) {
 		 */
 		$parent = $node->parentNode;
 		if ( $node && $parent ) {
-			$parent->removeChild( $node );
+			$this->remove_invalid_child( $node );
 		}
 		while ( $parent && ! $parent->hasChildNodes() && $this->root_element !== $parent ) {
 			$node   = $parent;
 			$parent = $parent->parentNode;
 			if ( $parent ) {
-				$parent->removeChild( $node );
+				$this->remove_invalid_child( $node );
 			}
 		}
 	}

includes/sanitizers/class-amp-video-sanitizer.php

@@ -93,7 +93,7 @@ public function sanitize() {
 			 * See: https://github.com/ampproject/amphtml/issues/2261
 			 */
 			if ( 0 === $new_node->childNodes->length && empty( $new_attributes['src'] ) ) {
-				$node->parentNode->removeChild( $node );
+				$this->remove_invalid_child( $node );
 			} else {
 				$node->parentNode->replaceChild( $new_node, $node );
 			}