diff --git a/core/server/apps/amp/lib/helpers/amp_content.js b/core/server/apps/amp/lib/helpers/amp_content.js
index 1c0a057311..4b5f84b540 100644
--- a/core/server/apps/amp/lib/helpers/amp_content.js
+++ b/core/server/apps/amp/lib/helpers/amp_content.js
@@ -13,6 +13,7 @@ var hbs = require('express-hbs'),
sanitizeHtml = require('sanitize-html'),
config = require('../../../../config'),
makeAbsoluteUrl = require('../../../../utils/make-absolute-urls'),
+ cheerio = require('cheerio'),
amperize = new Amperize(),
amperizeCache = {},
allowedAMPTags = [],
@@ -67,9 +68,31 @@ function ampContent() {
};
return Promise.props(amperizeHTML).then(function (result) {
+ var $;
+
+ // our Amperized HTML
ampHTML = result.amperize || '';
- // let's sanitize our HTML!!!
+ // Use cheerio to traverse through HTML and make little clean-ups
+ $ = cheerio.load(ampHTML);
+
+ // We have to remove source children in video, as source
+ // is whitelisted for audio, but causes validation
+ // errors in video, because video will be stripped out.
+ // @TODO: remove this, when Amperize support video transform
+ $('video').children('source').remove();
+
+ // Vimeo iframe e. g. come with prohibited attributes
+ // @TODO: remove this, when Amperize supports HTML sanitizing
+ $('amp-iframe').removeAttr('webkitallowfullscreen');
+ $('amp-iframe').removeAttr('mozallowfullscreen');
+
+ // No inline style allowed
+ $('*').removeAttr('style');
+
+ ampHTML = $.html();
+
+ // @TODO: remove this, when Amperize supports HTML sanitizing
cleanHTML = sanitizeHtml(ampHTML, {
allowedTags: allowedAMPTags,
allowedAttributes: false,
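Review bot: The three `removeAttr` calls are a hand-kept denylist, while the `sanitizeHtml` call right below still passes `allowedAttributes: false`, which sanitize-html treats as "allow every attribute", so anything else AMP prohibits (inline `on*` event handlers, for example) still reaches the rendered output. Moving the attribute rules into the sanitizer as an allowlist would keep the policy in one place and fail closed, e.g. replacing that option with `allowedAttributes: {'*': allowedAMPAttributes}`, where `allowedAMPAttributes` is a placeholder name for a list defined next to `allowedAMPTags`, not something in this file. If the denylist stays, a comment such as `// only style and the two vendor fullscreen attributes are stripped; every other attribute passes through` would make the gap visible. The options object and the rest of `ampContent` continue outside the hunk, so confirm that no later option already restricts attributes.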
diff --git a/core/server/apps/amp/tests/amp_content_spec.js b/core/server/apps/amp/tests/amp_content_spec.js
index 957593c3a3..622ec0ff1a 100644
--- a/core/server/apps/amp/tests/amp_content_spec.js
+++ b/core/server/apps/amp/tests/amp_content_spec.js
@@ -136,12 +136,66 @@ describe('{{amp_content}} helper', function () {
it('can transform audio tags to amp-audio', function (done) {
var testData = {
html: '' +
- '',
+ '',
updated_at: 'Wed Jul 27 2016 18:17:22 GMT+0200 (CEST)',
id: 1
},
expectedResult = 'Your browser does not support the audio
element.' +
- '',
+ '',
+ ampResult = ampContentHelper.call(testData);
+
+ ampResult.then(function (rendered) {
+ should.exist(rendered);
+ rendered.string.should.equal(expectedResult);
+ done();
+ }).catch(done);
+ });
+
+ it('removes video tags including source children', function (done) {
+ var testData = {
+ html: '',
+ updated_at: 'Wed Jul 27 2016 18:17:22 GMT+0200 (CEST)',
+ id: 1
+ },
+ expectedResult = 'Your browser doesn\'t support HTML5 video tag.',
+ ampResult = ampContentHelper.call(testData);
+
+ ampResult.then(function (rendered) {
+ should.exist(rendered);
+ rendered.string.should.equal(expectedResult);
+ done();
+ }).catch(done);
+ });
+
+ it('removes inline style', function (done) {
+ var testData = {
+ html: '',
+ updated_at: 'Wed Jul 27 2016 18:17:22 GMT+0200 (CEST)',
+ id: 1
+ },
+ expectedResult = '',
+ ampResult = ampContentHelper.call(testData);
+
+ ampResult.then(function (rendered) {
+ should.exist(rendered);
+ rendered.string.should.equal(expectedResult);
+ done();
+ }).catch(done);
+ });
+
+ it('removes prohibited iframe attributes', function (done) {
+ var testData = {
+ html: '',
+ updated_at: 'Wed Jul 27 2016 18:17:22 GMT+0200 (CEST)',
+ id: 1
+ },
+ expectedResult = '',
ampResult = ampContentHelper.call(testData);
ampResult.then(function (rendered) {