Sanitizer stripping amp-subscriptions encrypted ciphertext

  • Resolved bradmorris82

    (@bradmorris82)


    1 month, 2 weeks ago

    We are attempting to implement encrypted paywall content as per the amp.dev guide here. I’ve been successful in getting an encrypted example working on a static page.

    When an encrypted subscriptions section is passed through the AMP sanitizer, it seems to strip the script element containing the encrypted cipher text for the article.

    Looking at the SubscriptionsSectionContentSwgAmpCacheNonce TagSpec, it looks like the section needed a mandatory Attribute::SWG_AMP_CACHE_NONCE which resolves to ‘swg-amp-cache-nonce’ which is also stripped from the section (Curiously ‘swg_amp_cache_nonce’ is not).

    Essentially;

    <section subscriptions-section="content" encrypted swg_amp_cache_nonce="asd"
        <script type="application/octet-stream" ciphertext=""><![CDATA[Valid Cipher]]></script>
    </section>

    Is being sanitized to

    <section subscriptions-section="content" encrypted swg_amp_cache_nonce="asd"></section>

    I have tried all combinations of the above such as;

    • adding =”” to both encrypted/ciphertext attributes
    • With/Without CDATA
    • swg_amp_cache_nonce vs swg-amp-cache-nonce

    All of these combinations result in the script tag being stripped each time. When amp is disabled, the tag combination displays as expected.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Milind More

    (@milindmore22)

    Hello @bradmorris82

    Thank you for reaching out to us, please give us some time to respond.

    Plugin Support Milind More

    (@milindmore22)

    Hello @bradmorris82

    Thank you for reaching out to us, We have addressed the issue with mandatory parent name for specs, it has been fixed via GitHub PR #7894 and it will be available from next version 2.5.5

    For now, please download the production build from GitHub PR’s comment, and please let us know if you face any further issues.

    Here is the code snippet we tested 

    <section class="text" subscriptions-section="content" encrypted="" swg_amp_cache_nonce="asd">
  <script type="application/octet-stream" ciphertext=""> <![CDATA[Valid Cipher]]> </script>
</section>
<section subscriptions-section="content">
  <span swg_amp_cache_nonce="asd"></span>
  <p class="text"> Muffin jelly-o wafer ice cream brownie dessert chocolate bar. Candy canes cotton candy apple pie cake. Chupa chups bonbon dragée bear claw dessert. Oat cake croissant sweet roll apple pie pie. </p>
</section>
<section subscriptions-section="content-not-granted">
  <span swg_amp_cache_nonce="asd"></span>
  <p class="text">
    <strong>Please go through subscribe flow to see more content.</strong>
  </p>
</section>

    We hope this helps!

    Thread Starter bradmorris82

    (@bradmorris82)

    Confirmed this has addressed the issue, thanks for your quick help! I tried to reverse engineer with the hope of submitting a PR but once I got to the tag specs I got again.

    Keep up the good work

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.