Whitelist of Variable Substitutions #3
Conversation
…s not contain functional testing
|
I managed to add some functional tests. But still have difficulty in adding functional tests to test-url-replacements.js. For some reason the test case cannot find the "meta tag" when I embed it to the window. |
* document batching features * add reportWindow * minor fixes * add refer to * fix test
* 📖 add AMP emoji conventional changelogs * apply recommendations
…project#13266) * Rename lightbox-viewer to lightbox-gallery * Rename lightbox css from viewer to gallery * Remove dead manual test pages
* Return play promise from playFn to ensure media playback is not interrupted. * Refactor playFn to always return a promise. Improve documentation. * Use closure so the proper context is set on the distance function. * Add debug messages * Remove muted property change, since this is in a separate PR * Fix merge
* Component skeleton * move files into amp-story * clean up example * remove bad link * bad mock test * clean up
* fix dist with alias * change minimal_set usage * fix documentation * refactor print logic * rename * update function description
src/service/url-replacements-impl.js
Outdated
|
|
||
| // Cache the whitelist of allowed AMP actions (if provided). | ||
| if (meta) { | ||
| this.ampVariableSubstitutionWhitelist_ = |
There was a problem hiding this comment.
This field needs JSDoc.
It might be better to move the initialization logic to a helper method and use null as the default value for this field. ?string is usually more idiomatic than string|undefined.
src/service/url-replacements-impl.js
Outdated
| @@ -74,6 +74,22 @@ export class GlobalVariableSource extends VariableSource { | |||
| /** @const {!./ampdoc-impl.AmpDoc} */ | |||
| this.ampdoc = ampdoc; | |||
|
|
|||
| // A meta[name="amp-action-whitelist"] tag, if present, contains, | |||
| // in its content attribute, a whitelist of actions on the special AMP target. | |||
| if (this.ampVariableSubstitutionWhitelist_ === undefined | |||
There was a problem hiding this comment.
This code is in a constructor, and there's no previous assignment to ampVariableSubstitutionWhitelist_, so this condition should always be true.
src/service/url-replacements-impl.js
Outdated
| // A meta[name="amp-action-whitelist"] tag, if present, contains, | ||
| // in its content attribute, a whitelist of actions on the special AMP target. | ||
| if (this.ampVariableSubstitutionWhitelist_ === undefined | ||
| && this.ampdoc.getRootNode() && this.ampdoc.getRootNode().head) { |
There was a problem hiding this comment.
The return value of getRootNode() is non-nullable and never undefined, so we shouldn't need to check this.ampdoc.getRootNode() ...
src/service/url-replacements-impl.js
Outdated
| if (meta) { | ||
| this.ampVariableSubstitutionWhitelist_ = | ||
| meta.getAttribute('content').split(',') | ||
| .map(action => action.trim()); |
There was a problem hiding this comment.
I see that this code is repeated from the previous PR. Consider extracting this to a utility class.
src/service/variable-source.js
Outdated
| @@ -121,6 +121,9 @@ export class VariableSource { | |||
|
|
|||
| /** @private {boolean} */ | |||
| this.initialized_ = false; | |||
|
|
|||
| /** @const @private {!Array<string>|undefined} */ | |||
There was a problem hiding this comment.
If this is private, and if the type checker is doing the correct thing, then subclasses should never be able to access this field... I think we really want a (ideally-abstract) method.
That said, why do we implement the actual meta tag check in the base class instead of here in the base class? Are there other implementations of VariableSource that makes whitelisting using meta tags not make sense?
There was a problem hiding this comment.
GlobalVariableSource is the only implementation of VariableSource. So I moved this logic to the base class as you suggested.
…d bookend. (ampproject#13270) * Preventing CSS overrides. * Preventing CSS overrides for the navigation hint, landscape orientation and unsupported browser.
…13278) * Increase button tap target size * Fix desktop mode top padding * tweak button padding to 16px per mulptiple of 4 * Reorder media queries
* Updating to new async tag * Linter fix: imports must be alphabetical
…s not contain functional testing
* chore(package): update browserify to version 16.0.0 * chore(package): update lockfile https://npm.im/greenkeeper-lockfile
* change amp-bind verification to user warning and clarify message * fix presubmit * fix test
* Revision bump for ampproject#13036 * Revision bump for ampproject#13073 * Add DEDUPE_ON_MINIFY flags to license tags so that release process can reduce the number of identical duplicate licenses in the minified validator. * Add requires_extension to AttrSpec. * JSDoc updates. * Generated validator javascript improvements. * Add comment to ValidationError hinting at how to render. * Revision bump for ampproject#12955 * Add new error types for future CSS validation. * Revision bump for ampproject#12798 * Fix a typo. * Allow animation-timing-function for keyframes * Fix typo
* Remove spurious files * cvializ@ suggested changes * Fixed Travis CI failures
* Development/debug setup. * Basic exp setup. * Header parsing and stuff. * Client-side changes fin. * Cleaned PR + tests. * Undoing yarn stuff. * Yarn attempt #2. * Reverting example page. * lint fix * PR feedback. * Undoing changes to test page. * Merges * Yarn * Not calling document.open/close when writing in body and not waiting for onload. Also removed accidentally merged tests. * Adding back document.open/close into default flow. * Simplified conditional. * Adsense support. * Merges/rebase. * Alphabetized imports. * Factored out common code to utils.
…s not contain functional testing
…s not contain functional testing
|
Could you merge upstream into your |
…s not contain functional testing
…s not contain functional testing
…s not contain functional testing
…s not contain functional testing
If a whitelist of variables is provided using meta tags for example as follows
<meta name="amp-variable-substitution-whitelist" content="RANDOM,TIMEZONE">then the runtime should respect it. In order to do this we parse the meta tag in GlobalVariableSource.