From ea1253efa75b151c6050ff114960d7edca5fed5f Mon Sep 17 00:00:00 2001
From: Julien Boulen <julien.boulen@univ-rennes2.fr>
Date: Mon, 15 May 2023 17:21:19 +0200
Subject: [PATCH] MDL-78259 weblib: purify audio/video tags as inline elements

---
 lib/tests/htmlpurifier_test.php | 6 ++++++
 lib/weblib.php                  | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/tests/htmlpurifier_test.php b/lib/tests/htmlpurifier_test.php
index dc9137a5f8c..c047044f031 100644
--- a/lib/tests/htmlpurifier_test.php
+++ b/lib/tests/htmlpurifier_test.php
@@ -426,6 +426,12 @@ class htmlpurifier_test extends \basic_testcase {
                 '<video %1$s>Did not work <a href="http://example.com/prettygood.mp4">click here to download</a></video>',
                 '<div class="text_to_html"><video %1$s>Did not work <a href="http://example.com/prettygood.mp4">' .
                 'click here to download</a></video></div>'
+            ]) + $generatetestcases('Video inside an inline tag', $videoattrs + ['src="http://example.com/prettygood.mp4'], [
+                '<em><video %1$s>Oh, that\'s pretty bad 😦</video></em>',
+                '<div class="text_to_html"><em><video %1$s>Oh, that\'s pretty bad 😦</video></em></div>'
+            ]) + $generatetestcases('Video inside a block tag', $videoattrs + ['src="http://example.com/prettygood.mp4'], [
+                '<p><video %1$s>Oh, that\'s pretty bad 😦</video></p>',
+                '<div class="text_to_html"><p><video %1$s>Oh, that\'s pretty bad 😦</video></p></div>'
             ]) + $generatetestcases('Source tag without video or audio', $videoattrs, [
                 'some text <source src="http://example.com/getup.wav" type="audio/wav"> the end',
                 '<div class="text_to_html">some text  the end</div>'
diff --git a/lib/weblib.php b/lib/weblib.php
index d87c52f755c..32b966bf02d 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1872,7 +1872,7 @@ function purify_html($text, $options = array()) {
         $config = HTMLPurifier_Config::createDefault();
 
         $config->set('HTML.DefinitionID', 'moodlehtml');
-        $config->set('HTML.DefinitionRev', 6);
+        $config->set('HTML.DefinitionRev', 7);
         $config->set('Cache.SerializerPath', $cachedir);
         $config->set('Cache.SerializerPermissions', $CFG->directorypermissions);
         $config->set('Core.NormalizeNewlines', false);
@@ -1914,7 +1914,7 @@ function purify_html($text, $options = array()) {
 
             // Media elements.
             // https://html.spec.whatwg.org/#the-video-element
-            $def->addElement('video', 'Block', 'Optional: #PCDATA | Flow | source | track', 'Common', [
+            $def->addElement('video', 'Inline', 'Optional: #PCDATA | Flow | source | track', 'Common', [
                 'src' => 'URI',
                 'crossorigin' => 'Enum#anonymous,use-credentials',
                 'poster' => 'URI',
@@ -1928,7 +1928,7 @@ function purify_html($text, $options = array()) {
                 'height' => 'Length',
             ]);
             // https://html.spec.whatwg.org/#the-audio-element
-            $def->addElement('audio', 'Block', 'Optional: #PCDATA | Flow | source | track', 'Common', [
+            $def->addElement('audio', 'Inline', 'Optional: #PCDATA | Flow | source | track', 'Common', [
                 'src' => 'URI',
                 'crossorigin' => 'Enum#anonymous,use-credentials',
                 'preload' => 'Enum#auto,metadata,none',