From 7b82404ddc98d0710e6e8f7d2bc5a2811e2de644 Mon Sep 17 00:00:00 2001
From: Weston Ruter
Date: Mon, 23 Mar 2020 21:06:40 -0700
Subject: [PATCH] Restrict JSON validation to non-LD scripts
---
 .../class-amp-tag-and-attribute-sanitizer.php | 2 +-
 .../php/test-tag-and-attribute-sanitizer.php | 30 +++++++++++--------
 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index f37429e403f..de12c30e68f 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -936,7 +936,7 @@ private function validate_cdata_for_node( DOMElement $element, $cdata_spec ) {
 }
 // When the CDATA is expected to be JSON, ensure it's valid JSON.
- if ( 'script' === $element->nodeName && in_array( $element->getAttribute( 'type' ), [ 'application/json', 'application/ld+json' ], true ) ) {
+ if ( 'script' === $element->nodeName && 'application/json' === $element->getAttribute( 'type' ) ) {
 if ( '' === trim( $element->textContent ) ) {
 return [ 'code' => self::JSON_ERROR_EMPTY ];
 }
diff --git a/tests/php/test-tag-and-attribute-sanitizer.php b/tests/php/test-tag-and-attribute-sanitizer.php
index e433786e517..732072658de 100644
--- a/tests/php/test-tag-and-attribute-sanitizer.php
+++ b/tests/php/test-tag-and-attribute-sanitizer.php
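Review bot: The new condition in validate_cdata_for_node() compares the `type` attribute with an exact, case-sensitive `===`, so a script whose type is written as `Application/JSON` or carries surrounding whitespace would skip the JSON check entirely instead of failing it. Whether an earlier attribute-spec step rejects or normalises such values is not visible in this hunk; if that step matches case-insensitively, the gate here should as well, e.g. `'application/json' === strtolower( trim( $element->getAttribute( 'type' ) ) )`. The comment above the condition is also now broader than the code, since JSON-LD is JSON too; it should say that only `application/json` is validated and give the reason `application/ld+json` is deliberately exempt, so a later reader does not re-add it. The function body continues outside the hunk.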
@@ -2893,29 +2893,35 @@ public function get_html_data() {
 [ AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_HTML_COMMENTS ],
 ],
 'cdata_malformed_json' => [
- '',
- '',
- [],
+ '',
+ '',
+ [ 'amp-ima-video' ],
 [ AMP_Tag_And_Attribute_Sanitizer::JSON_ERROR_SYNTAX ],
 ],
 'cdata_malformed_json_with_emojis' => [
- '',
- '',
- [],
+ '',
+ '',
+ [ 'amp-ima-video' ],
 [ AMP_Tag_And_Attribute_Sanitizer::JSON_ERROR_SYNTAX ],
 ],
 'cdata_malformed_utf8_json' => [
- sprintf( '', "\xFF" ),
- '',
- [],
+ sprintf( '', "\xFF" ),
+ '',
+ [ 'amp-ima-video' ],
 [ AMP_Tag_And_Attribute_Sanitizer::JSON_ERROR_UTF8 ],
 ],
 'cdata_empty_json_considered_invalid' => [
- '',
- '',
- [],
+ '',
+ '',
+ [ 'amp-ima-video' ],
 [ AMP_Tag_And_Attribute_Sanitizer::JSON_ERROR_EMPTY ],
 ],
+ 'cdata_empty_json_not_considered_invalid' => [
+ '',
+ null,
+ [],
+ [],
+ ],
 'analytics_empty_json_considered_invalid' => [
 '',
 '',
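Review bot: The added case `'cdata_empty_json_not_considered_invalid'` pins only the empty-content path, and its name does not say which script type is exempt. The fixture markup is not visible in this view, so this assumes the case uses an `application/ld+json` script, in line with the commit subject. Since the sanitizer no longer validates that type at all, sibling cases with syntactically malformed JSON-LD and with invalid UTF-8, each expecting unchanged output (`null`, as in the added case) and no error codes, would document the relaxed boundary and catch a regression in either direction. Consider renaming the case to `'cdata_empty_ld_json_not_considered_invalid'`. The data provider array continues outside the hunk.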