From a83e505fcffa472f8e928e40c7a7e7d9a1c7403d Mon Sep 17 00:00:00 2001
From: Juanito Fatas
Date: Wed, 14 Jan 2015 23:04:50 +0800
Subject: [PATCH] Whitelist summary and details element. And details needs an open attribute Ref. https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
---
 lib/html/pipeline/sanitization_filter.rb | 6 ++---
 .../html/pipeline/sanitization_filter_test.rb | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/lib/html/pipeline/sanitization_filter.rb b/lib/html/pipeline/sanitization_filter.rb
index 37133366..0d88a48b 100644
--- a/lib/html/pipeline/sanitization_filter.rb
+++ b/lib/html/pipeline/sanitization_filter.rb
@@ -45,7 +45,7 @@ class SanitizationFilter < Filter
       :elements => %w(
         h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt div ins del sup sub p ol ul table thead tbody tfoot blockquote
-        dl dt dd kbd q samp var hr ruby rt rp li tr td th s strike
+        dl dt dd kbd q samp var hr ruby rt rp li tr td th s strike summary details
       ),
       :remove_contents => ['script'],
       :attributes => {
@@ -57,13 +57,13 @@ class SanitizationFilter < Filter
           'border', 'cellpadding', 'cellspacing', 'char', 'charoff', 'charset', 'checked', 'cite', 'clear', 'cols', 'colspan', 'color',
-          'compact', 'coords', 'datetime', 'details', 'dir',
+          'compact', 'coords', 'datetime', 'dir',
           'disabled', 'enctype', 'for', 'frame', 'headers', 'height', 'hreflang', 'hspace', 'ismap', 'label', 'lang', 'longdesc', 'maxlength', 'media', 'method', 'multiple', 'name', 'nohref', 'noshade',
-          'nowrap', 'prompt', 'readonly', 'rel', 'rev',
+          'nowrap', 'open', 'prompt', 'readonly', 'rel', 'rev',
           'rows', 'rowspan', 'rules', 'scope', 'selected', 'shape', 'size', 'span', 'start', 'summary', 'tabindex', 'target',
diff --git a/test/html/pipeline/sanitization_filter_test.rb b/test/html/pipeline/sanitization_filter_test.rb
index 73b1d163..7bdca56f 100644
--- a/test/html/pipeline/sanitization_filter_test.rb
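Review bot: `'open'` is added on the `'nowrap'` line of a list that applies to every whitelisted element, while the only element that needs it is the `details` entry added in the preceding hunk. Sanitize's `:attributes` hash takes per-element entries, so if this list is the shared `:all` entry (its key sits above the hunk and is not visible here) the tighter form is a separate `'details' => ['open']`, which keeps the global allowlist from growing for a single element. `open` is a boolean attribute with no scripting semantics, so the practical exposure is small; the point is least privilege in an allowlist shared by every consumer of the pipeline. Also, browsers fire `details`'s `toggle` event when `open` is present, so what keeps the new entries safe is that no `on*` event-handler attribute appears in the allowlist and Sanitize drops attributes that are not listed; a comment next to the new entry, e.g. `# open is only meaningful on details; event-handler attributes are never whitelisted`, would record that dependency. The removal of `'details'` from the `'compact'` line looks correct, since `details` is an element rather than an attribute.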
+++ b/test/html/pipeline/sanitization_filter_test.rb @@ -127,4 +127,28 @@ def test_table_sections_are_not_removed ) assert_equal orig, SanitizationFilter.call(orig).to_s end + + def test_summary_tag_are_not_removed + orig = %(Foo) + assert_equal orig, SanitizationFilter.call(orig).to_s + end + + def test_details_tag_and_open_attribute_are_not_removed + orig = %(
Foo
) + assert_equal orig, SanitizationFilter.call(orig).to_s + end + + def test_nested_details_tag_are_not_removed + orig = <<-NESTED +
+ Foo +
+ Bar + Baz +
+ Qux +
+ NESTED + assert_equal orig, SanitizationFilter.call(orig).to_s + end end
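Review bot: The three new tests only assert that permitted markup round-trips unchanged; none checks that an attribute outside the allowlist is stripped from the newly permitted `details` element, which is the property the filter exists to guarantee. Because `open` is now allowed and `details` fires `toggle` when it is present, a negative case such as `orig = %(<details open ontoggle="x">Foo</details>)` followed by `refute_includes SanitizationFilter.call(orig).to_s, 'ontoggle'` would pin that the new allowlist entries do not extend to event handlers. The markup inside the `%(…)` and heredoc fixtures is not fully legible in this rendering, so the exact strings may differ from what is shown. The preceding `test_table_sections_are_not_removed` starts outside the hunk; the class's closing `end` is the hunk's last context line.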