From fbfd3124a0ab6bb249d3577f96a188987df86a8e Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Tue, 26 Jul 2016 11:02:09 -0400
Subject: [PATCH] Whitelist some more tags and add extra tests
---
.../pretty-text/white-lister.js.es6 | 89 ++++++++++---------
test/javascripts/lib/sanitizer-test.js.es6 | 6 ++
2 files changed, 52 insertions(+), 43 deletions(-)
diff --git a/app/assets/javascripts/pretty-text/white-lister.js.es6 b/app/assets/javascripts/pretty-text/white-lister.js.es6
index bd863cf38..0841d9a12 100644
--- a/app/assets/javascripts/pretty-text/white-lister.js.es6
+++ b/app/assets/javascripts/pretty-text/white-lister.js.es6
@@ -99,63 +99,66 @@ export function whiteListFeature(feature, info) {
 // Only add to `default` when you always want your whitelist to occur. In other words,
 // don't change this for a plugin or a feature that can be disabled
 whiteListFeature('default', [
- 'br',
- 'p',
- 'strong',
- 'em',
- 'ins',
- 'del',
- 'abbr[title]',
- 'dl',
- 'dt',
- 'dd',
- 'blockquote',
- 'div',
- 'div.title',
- 'div.quote-controls',
- 'div[align]',
- 'i',
- 'b',
- 'ul',
- 'ol',
- 'li',
- 'small',
- 'code',
- 'span.mention',
- 'span.hashtag',
- 'span.excerpt',
- 'aside.quote',
- 'aside[data-*]',
- 'a[name]',
- 'a[target=_blank]',
- 'a[rel=nofollow]',
 'a.attachment',
- 'a.onebox',
+ 'a.hashtag',
 'a.mention',
 'a.mention-group',
- 'a.hashtag',
- 'a[name]',
+ 'a.onebox',
 'a[data-bbcode]',
+ 'a[name]',
+ 'a[name]',
+ 'a[rel=nofollow]',
+ 'a[target=_blank]',
 'a[title]',
- 'img[class]',
- 'img[alt]',
- 'img[title]',
- 'img[width]',
- 'img[height]',
- 'pre',
- 'hr',
+ 'abbr[title]',
+ 'aside.quote',
+ 'aside[data-*]',
+ 'b',
+ 'blockquote',
+ 'br',
+ 'code',
+ 'dd',
+ 'del',
+ 'div',
+ 'div.quote-controls',
+ 'div.title',
+ 'div[align]',
+ 'dl',
+ 'dt',
+ 'em',
 'h1[id]',
 'h2[id]',
 'h3[id]',
 'h4[id]',
 'h5[id]',
 'h6[id]',
+ 'hr',
+ 'i',
 'iframe',
- 'iframe[height]',
- 'iframe[width]',
 'iframe[frameborder]',
+ 'iframe[height]',
 'iframe[marginheight]',
 'iframe[marginwidth]',
+ 'iframe[width]',
+ 'img[alt]',
+ 'img[class]',
+ 'img[height]',
+ 'img[title]',
+ 'img[width]',
+ 'ins',
 'kbd',
- 'strike'
+ 'li',
+ 'ol',
+ 'p',
+ 'pre',
+ 's',
+ 'small',
+ 'span.excerpt',
+ 'span.hashtag',
+ 'span.mention',
+ 'strike',
+ 'strong',
+ 'sub',
+ 'sup',
+ 'ul',
 ]);
diff --git a/test/javascripts/lib/sanitizer-test.js.es6 b/test/javascripts/lib/sanitizer-test.js.es6
index 9e74166d5..bc67c5c3c 100644
--- a/test/javascripts/lib/sanitizer-test.js.es6
+++ b/test/javascripts/lib/sanitizer-test.js.es6
@@ -48,8 +48,14 @@ test("sanitize", function() { cooked("Ctrl+C", "
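Review bot: The re-sorted `default` list in white-lister.js.es6 now has `'a[name]'` on two consecutive added lines; the duplicate was already in the old list, but the sort makes it plain and one entry should be dropped. Because the hunk rewrites nearly every line, the real policy change is hard to audit: comparing both sides, only `'s'`, `'sub'` and `'sup'` are new and everything else is a reorder. For a sanitizer allowlist I would split the sort from the additions, or at least add a comment above the list such as `// keep alphabetical; every new entry widens what user HTML survives sanitizing`. The test hunk in sanitizer-test.js.es6 appears to add only pass-through cases, so a case asserting that an attribute on one of the new tags is stripped would pin the tag-only intent.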

Ctrl+C

"); cooked("it has been 1 day 0 days since our last test failure", "

it has been 1 day 0 days since our last test failure

"); + cooked(`it has been 1 day 0 days since our last test failure`, `

it has been 1 day 0 days since our last test failure

`); cooked(`
hello
`, `
hello
`); + + cooked(`1 + 1 is 3 2`, `

1 + 1 is 3 2

`); + cooked(`JS`, `

JS

`); + cooked(`
Forum
Software
`, `
Forum
Software
`); + cooked(`high low`, `

high low

`); }); test("ids on headings", () => {