From edb2fa86e75927698b078518ba0923df51e5901d Mon Sep 17 00:00:00 2001
From: Dawa Ometto
Date: Tue, 13 Sep 2022 11:59:35 +0200
Subject: [PATCH] Don't sanitize controls attribute (#430)
---
 lib/gollum-lib/macro/audio.rb | 2 +-
 lib/gollum-lib/macro/video.rb | 2 +-
 lib/gollum-lib/sanitization.rb | 1 +
 test/test_macros.rb | 6 ++++++
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/gollum-lib/macro/audio.rb b/lib/gollum-lib/macro/audio.rb
index e222213ce..66826acb1 100755
--- a/lib/gollum-lib/macro/audio.rb
+++ b/lib/gollum-lib/macro/audio.rb
@@ -2,7 +2,7 @@ module Gollum
 class Macro
 class Audio < Gollum::Macro
 def render (fname)
- ""
+ ""
 end
 end
 end
diff --git a/lib/gollum-lib/macro/video.rb b/lib/gollum-lib/macro/video.rb
index 9c64a0965..e2f05ebfa 100644
--- a/lib/gollum-lib/macro/video.rb
+++ b/lib/gollum-lib/macro/video.rb
@@ -2,7 +2,7 @@ module Gollum
 class Macro
 class Video < Gollum::Macro
 def render (fname)
- ""
+ ""
 end
 end
 end
diff --git a/lib/gollum-lib/sanitization.rb b/lib/gollum-lib/sanitization.rb
index d5a79f02d..0f6ddf9f8 100644
--- a/lib/gollum-lib/sanitization.rb
+++ b/lib/gollum-lib/sanitization.rb
@@ -1,4 +1,5 @@
 ::Loofah::HTML5::SafeList::ACCEPTABLE_PROTOCOLS.add('apt')
+::Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES.add('controls')
 module Gollum
 class Sanitization
diff --git a/test/test_macros.rb b/test/test_macros.rb
index bdbd1d33c..001f93899 100644
--- a/test/test_macros.rb
+++ b/test/test_macros.rb
@@ -200,4 +200,10 @@ def render(opts)
 @wiki.write_page("_Footer", :markdown, "<>", commit_details)
 assert_match /Next(.*)test-2<span>/, @wiki.page("test-1").footer.formatted_data
 end
+
+ test "Control attributes for Audio and Video are not sanitized" do
+ @wiki.write_page("AudioTagTest", :markdown, "<>\n<>", commit_details)
+ # The Macros must return controls=true until https://github.com/flavorjones/loofah/issues/242 is resolved
+ assert_match /
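Review bot: The changed string literal in `render` in lib/gollum-lib/macro/audio.rb, and the matching one in lib/gollum-lib/macro/video.rb, has no comment explaining why the attribute is spelled the way it is. The only explanation is the comment in test/test_macros.rb, which says the macros must return `controls=true` until the linked loofah issue is resolved. Someone reading the macro alone could simplify the attribute and presumably lose the player controls once the output is sanitized. I would put the reason beside the literal in both files, e.g. `# controls=true rather than a bare attribute, see https://github.com/flavorjones/loofah/issues/242`. The literal is not legible in this rendering of the patch, so this is about the missing comment only.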
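Review bot: The added line in lib/gollum-lib/sanitization.rb changes Loofah's shared `ALLOWED_ATTRIBUTES` set when the file is loaded, so `controls` becomes acceptable for every Loofah caller in the same process, and as far as I know on any element rather than only `audio` and `video`. `controls` is a boolean attribute with no URL or script value, so the added exposure looks small. The global side effect is still easy to overlook when gollum-lib is embedded in a larger application, and it sets a pattern for later safelist additions that may be less harmless. I would document the scope above the line, e.g. `# Process-wide Loofah safelist change: permits 'controls' on any element for all Loofah users`. The body of `Gollum::Sanitization` is outside this hunk, so I cannot tell whether a per-instance attribute list could carry this instead.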