Skip to content

🐛 Enforce amp-ad type=custom has an HTTPS data-url#23386

Merged
jridgewell merged 4 commits intoampproject:masterfrom
jridgewell:amp-ad-custom-url
Jul 22, 2019
Merged

🐛 Enforce amp-ad type=custom has an HTTPS data-url#23386
jridgewell merged 4 commits intoampproject:masterfrom
jridgewell:amp-ad-custom-url

Conversation

@jridgewell
Copy link
Copy Markdown
Contributor

@jridgewell jridgewell commented Jul 17, 2019

Fixes #21314

@jridgewell jridgewell requested review from Gregable and zhouyx July 17, 2019 22:11
zhouyx
zhouyx reviewed Jul 17, 2019
View reviewed changes
extensions/amp-ad/validator-amp-ad.protoascii Outdated
# extensions/amp-auto-ads/*/placement.js
disallowed_ancestor: "AMP-APP-BANNER"
attrs: {
name: "data-uri"
Copy link
Copy Markdown
Contributor

@zhouyx zhouyx Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: data-url

Copy link
Copy Markdown
Contributor

@zhouyx zhouyx Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @lannka Do you expect this to break any current usage of custom ad? I think it's fine since we document that data-url is a mandatory attribute.

Copy link
Copy Markdown
Member

@Gregable Gregable Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two new requirements if type=custom

  1. data-url is present
  2. data-url value is https

Are you confident that both of those are sufficiently followed in the wild.

Copy link
Copy Markdown
Contributor Author

@jridgewell jridgewell Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, but the docs always said it had to be an HTTPS url.

extensions/amp-ad/0.1/amp-ad-custom.js
);

const urlService = Services.urlForDoc(this.element);
userAssert(
Copy link
Copy Markdown
Contributor

@zhouyx zhouyx Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QQ: Is the check necessary if we already have

value_url: {
      protocol: "https"
    }

in validator check

Copy link
Copy Markdown
Contributor Author

@jridgewell jridgewell Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

User asserts are for local development, too.

Gregable
Gregable requested changes Jul 17, 2019
View reviewed changes
extensions/amp-ad/validator-amp-ad.protoascii Outdated
attrs: {
name: "type"
mandatory: true
blacklisted_value_regex: "^("
Copy link
Copy Markdown
Member

@Gregable Gregable Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this. See comment below.

Copy link
Copy Markdown
Contributor Author

@jridgewell jridgewell Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

extensions/amp-ad/validator-amp-ad.protoascii
attrs: {
name: "type"
mandatory: true
value: "custom"
Copy link
Copy Markdown
Member

@Gregable Gregable Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add:

dispatch_key: NAME_VALUE_DISPATCH

The dispatch_key will cause any AMP-AD tags with an attribute of type=custom to only be matched against this one tagspec.

Copy link
Copy Markdown
Contributor Author

@jridgewell jridgewell Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

extensions/amp-ad/validator-amp-ad.protoascii Outdated
# extensions/amp-auto-ads/*/placement.js
disallowed_ancestor: "AMP-APP-BANNER"
attrs: {
name: "data-uri"
Copy link
Copy Markdown
Member

@Gregable Gregable Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two new requirements if type=custom

  1. data-url is present
  2. data-url value is https

Are you confident that both of those are sufficiently followed in the wild.

@jridgewell jridgewell merged commit ed7181a into ampproject:master Jul 22, 2019
rindo pushed a commit to logly/amphtml that referenced this pull request Jul 24, 2019
@jridgewell
🐛 Enforce amp-ad type=custom has an HTTPS data-url (ampproject#23386)
ffbdfc6 
* Enforce that <amp-ad type=custom> has an HTTPS data-uri

* Validator: Ensure amp-ad type=custom has a HTTPS data-url

* validator proto fixes

* Fix validator tests
@Gregable Gregable mentioned this pull request Jul 25, 2019
Merged
Gregable pushed a commit that referenced this pull request Jul 25, 2019
Validator rollup (#23533)
f535df8 
* cl/258377914 Revision bump for #23122

* cl/258634966 Revision bump for #23349

* cl/258870451 Fix incorrect allowance of `<form method="get">` with relative URLs

* cl/259565186 Revision bump for #23386

* cl/259587993 Add a descriptive comment to amp-carousel rules.

* cl/259661215 Fix #23012 by removing the dispatch key on amp-carousel type=carousel.

* cl/259662509 Revision bump for #23148

* cl/259988931 Revision bump for #23482
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gregable Gregable Gregable approved these changes

+1 more reviewer

@zhouyx zhouyx zhouyx approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[amp-ad-custom] Cannot read property 'split' of null

4 participants

@jridgewell @Gregable @zhouyx @googlebot