Mark scripts output by wp_comment_form_unfiltered_html_nonce() and wp_post_preview_js() as being in AMP Dev Mode

includes/amp-helper-functions.php

@@ -1608,6 +1608,19 @@ function amp_get_content_sanitizers( $post = null ) {
 			$dev_mode_xpaths[] = '//style[ @id = "custom-theme-colors" ]';
 		}
 
+		// Mark the script output by wp_comment_form_unfiltered_html_nonce() as being in dev mode.
+		if ( current_user_can( 'unfiltered_html' ) ) {
+			$dev_mode_xpaths[] = '//script[ not( @src ) and preceding-sibling::input[ @name = "_wp_unfiltered_html_comment_disabled" ] and contains( text(), "_wp_unfiltered_html_comment_disabled" ) ]';
+		}
+
+		// Mark the script output by wp_post_preview_js() as being in dev mode.
+		if ( is_preview() && get_queried_object() instanceof WP_Post ) {
+			$dev_mode_xpaths[] = sprintf(
+				'//script[ not( @src ) and contains( text(), "document.location.search" ) and contains( text(), "preview=true" ) and contains( text(), "unload" ) and contains( text(), "window.name" ) and contains( text(), "wp-preview-%d" ) ]',
+				get_queried_object_id()
+			);
+		}
+
 		$sanitizers = array_merge(
 			[
 				AMP_Dev_Mode_Sanitizer::class => [

includes/class-amp-theme-support.php

@@ -845,9 +845,8 @@ public static function get_supportable_templates( $options = [] ) {
 	 */
 	public static function add_hooks() {
 
-		// Remove core actions which are invalid AMP.
-		remove_action( 'wp_head', 'wp_post_preview_js', 1 ); // @todo Instead of function, the script output by wp_post_preview_js() should get data-ampdevmode.
-		remove_action( 'wp_head', 'wp_oembed_add_host_js' ); // This is not needed when post embeds are embedded via <amp-wordpress-embed>. See <https://github.com/ampproject/amp-wp/issues/809>.
+		// This is not needed when post embeds are embedded via <amp-wordpress-embed>. See <https://github.com/ampproject/amp-wp/issues/809>.
+		remove_action( 'wp_head', 'wp_oembed_add_host_js' );
 
 		// Prevent emoji detection and emoji loading since platforms/browsers now support emoji natively (and Twemoji is not AMP-compatible).
 		add_filter( 'wp_resource_hints', [ __CLASS__, 'filter_resource_hints_to_remove_emoji_dns_prefetch' ], 10, 2 );

tests/php/test-amp-helper-functions.php

@@ -1806,6 +1806,7 @@ function ( $xpaths ) use ( $element_xpaths ) {
 		remove_filter( 'amp_dev_mode_enabled', '__return_true' );
 
 		// Check that AMP_Dev_Mode_Sanitizer is registered once in dev mode, and now also with admin bar showing.
+		wp_set_current_user( self::factory()->user->create( [ 'role' => 'administrator' ] ) );
 		add_filter( 'amp_dev_mode_enabled', '__return_true' );
 		add_filter( 'show_admin_bar', '__return_true' );
 		$sanitizers = amp_get_content_sanitizers();
@@ -1819,12 +1820,46 @@ function ( $xpaths ) use ( $element_xpaths ) {
 					'//*[ @id = "wpadminbar" ]',
 					'//*[ @id = "wpadminbar" ]//*',
 					'//style[ @id = "admin-bar-inline-css" ]',
+					'//script[ not( @src ) and preceding-sibling::input[ @name = "_wp_unfiltered_html_comment_disabled" ] and contains( text(), "_wp_unfiltered_html_comment_disabled" ) ]',
 				]
 			),
 			$sanitizers[ AMP_Dev_Mode_Sanitizer::class ]['element_xpaths']
 		);
 	}
 
+	/**
+	 * Test amp_get_content_sanitizers().
+	 *
+	 * @covers ::amp_get_content_sanitizers()
+	 * @see \wp_post_preview_js()
+	 */
+	public function test_amp_get_content_sanitizers_with_post_preview() {
+		$user_id = self::factory()->user->create( [ 'role' => 'author' ] );
+		wp_set_current_user( $user_id );
+		$post = self::factory()->post->create(
+			[
+				'post_status' => 'draft',
+				'post_author' => $user_id,
+			]
+		);
+		$this->go_to( get_preview_post_link( $post ) );
+
+		$sanitizers = amp_get_content_sanitizers();
+		$this->assertTrue( is_admin_bar_showing() );
+		$this->assertTrue( amp_is_dev_mode() );
+		$this->assertTrue( is_preview() );
+		$this->assertArrayHasKey( AMP_Dev_Mode_Sanitizer::class, $sanitizers );
+		$this->assertEqualSets(
+			[
+				'//*[ @id = "wpadminbar" ]',
+				'//*[ @id = "wpadminbar" ]//*',
+				'//style[ @id = "admin-bar-inline-css" ]',
+				'//script[ not( @src ) and contains( text(), "document.location.search" ) and contains( text(), "preview=true" ) and contains( text(), "unload" ) and contains( text(), "window.name" ) and contains( text(), "wp-preview-' . $post . '" ) ]',
+			],
+			$sanitizers[ AMP_Dev_Mode_Sanitizer::class ]['element_xpaths']
+		);
+	}
+
 	/**
 	 * Test deprecated $post param for amp_get_content_sanitizers().
 	 *

tests/php/test-class-amp-theme-support.php

@@ -772,7 +772,6 @@ static function( $templates ) {
 	 */
 	public function test_add_hooks() {
 		AMP_Theme_Support::add_hooks();
-		$this->assertFalse( has_action( 'wp_head', 'wp_post_preview_js' ) );
 		$this->assertFalse( has_action( 'wp_head', 'wp_oembed_add_host_js' ) );
 
 		$this->assertEquals( 10, has_filter( 'wp_resource_hints', [ self::TESTED_CLASS, 'filter_resource_hints_to_remove_emoji_dns_prefetch' ] ) );