From d2662334c7f1d1b95eb526dc748f99b6c3922b2f Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 01:18:02 -0800
Subject: [PATCH 1/7] Preserve AMP binding attributes through HTML parsing and
 serialization

---
 includes/utils/class-amp-dom-utils.php     | 108 +++++++++++++++++++++
 phpcs.xml                                  |   2 +-
 tests/test-class-amp-dom-utils.php         |  29 ++++++
 tests/test-tag-and-attribute-sanitizer.php |   4 +
 4 files changed, 142 insertions(+), 1 deletion(-)

diff --git a/includes/utils/class-amp-dom-utils.php b/includes/utils/class-amp-dom-utils.php
index 8ffd3653e2c..4bb2dc89a87 100644
--- a/includes/utils/class-amp-dom-utils.php
+++ b/includes/utils/class-amp-dom-utils.php
@@ -56,6 +56,8 @@ public static function get_dom( $document ) {
 
 		$dom = new DOMDocument();
 
+		$document = self::convert_amp_bind_attributes( $document );
+
 		/*
 		 * Wrap in dummy tags, since XML needs one parent node.
 		 * It also makes it easier to loop through nodes.
@@ -74,6 +76,110 @@ public static function get_dom( $document ) {
 		return $dom;
 	}
 
+	/**
+	 * Get attribute prefix for converted amp-bind attributes.
+	 *
+	 * This contains a random string to prevent HTML content containing this data- attribute
+	 * originally from being mutated to contain an amp-bind attribute when attributes are restored.
+	 *
+	 * @since 0.7
+	 * @see \AMP_DOM_Utils::convert_amp_bind_attributes()
+	 * @see \AMP_DOM_Utils::restore_amp_bind_attributes()
+	 * @link https://www.ampproject.org/docs/reference/components/amp-bind
+	 *
+	 * @return string HTML5 data-* attribute name prefix for AMP binding attributes.
+	 */
+	public static function get_amp_bind_placeholder_attribute_prefix() {
+		static $attribute_prefix;
+		if ( ! isset( $attribute_prefix ) ) {
+			$attribute_prefix = sprintf( 'data-amp-binding-%s-', md5( wp_rand() ) );
+		}
+		return $attribute_prefix;
+	}
+
+	/**
+	 * Replace AMP binding attributes with something that libxml can parse (as HTML5 data-* attributes).
+	 *
+	 * This is necessary necessary because attributes in square brackets are not understood in PHP and
+	 * get dropped with an error raised:
+	 * > Warning: DOMDocument::loadHTML(): error parsing attribute name
+	 * This is a reciprocal function of AMP_DOM_Utils::restore_amp_bind_attributes().
+	 *
+	 * @since 0.7
+	 * @see \AMP_DOM_Utils::convert_amp_bind_attributes()
+	 * @link https://www.ampproject.org/docs/reference/components/amp-bind
+	 *
+	 * @param string $html HTML containing amp-bind attributes.
+	 * @return string HTML with AMP binding attributes replaced with HTML5 data-* attributes.
+	 */
+	public static function convert_amp_bind_attributes( $html ) {
+		$amp_bind_attr_prefix = self::get_amp_bind_placeholder_attribute_prefix();
+
+		// Pattern for HTML attribute accounting for binding attr name, boolean attribute, single/double-quoted attribute value, and unquoted attribute values.
+		$attr_regex = '#^\s+(?P<name>\[?[a-zA-Z0-9_\-]+\]?)(?P<value>=(?:"[^"]*"|\'[^\']*\'|[^\'"\s]+))?#';
+
+		/**
+		 * Replace callback.
+		 *
+		 * @param array $tag_matches Tag matches.
+		 * @return string Replacement.
+		 */
+		$replace_callback = function( $tag_matches ) use ( $amp_bind_attr_prefix, $attr_regex ) {
+			$old_attrs = rtrim( $tag_matches['attrs'] );
+			$new_attrs = '';
+			$offset    = 0;
+			while ( preg_match( $attr_regex, substr( $old_attrs, $offset ), $attr_matches ) ) {
+				$offset += strlen( $attr_matches[0] );
+
+				if ( '[' === $attr_matches['name'][0] ) {
+					$new_attrs .= ' ' . $amp_bind_attr_prefix . trim( $attr_matches['name'], '[]' );
+					if ( isset( $attr_matches['value'] ) ) {
+						$new_attrs .= $attr_matches['value'];
+					}
+				} else {
+					$new_attrs .= $attr_matches[0];
+				}
+			}
+
+			// Bail on parse error which occurs when the regex isn't able to consume the entire $new_attrs string.
+			if ( strlen( $old_attrs ) !== $offset ) {
+				return $tag_matches[0];
+			}
+
+			return '<' . $tag_matches['name'] . $new_attrs . '>';
+		};
+
+		$html = preg_replace_callback(
+			// Match all start tags that probably contain a binding attribute.
+			'#<(?P<name>\w\S+)(?P<attrs>\s+[^<]+\]=[^<]+)\s*>#',
+			$replace_callback,
+			$html
+		);
+
+		return $html;
+	}
+
+	/**
+	 * Convert AMP bind-attributes back to their original syntax.
+	 *
+	 * This is a reciprocal function of AMP_DOM_Utils::convert_amp_bind_attributes().
+	 *
+	 * @since 0.7
+	 * @see \AMP_DOM_Utils::convert_amp_bind_attributes()
+	 * @link https://www.ampproject.org/docs/reference/components/amp-bind
+	 *
+	 * @param string $html HTML with amp-bind attributes converted.
+	 * @return string HTML with amp-bind attributes restored.
+	 */
+	public static function restore_amp_bind_attributes( $html ) {
+		$html = preg_replace(
+			'#\s' . self::get_amp_bind_placeholder_attribute_prefix() . '([a-zA-Z0-9_\-]+)#',
+			' [$1]',
+			$html
+		);
+		return $html;
+	}
+
 	/**
 	 * Return a valid DOMDocument representing arbitrary HTML content passed as a parameter.
 	 *
@@ -175,6 +281,8 @@ public static function get_content_from_dom_node( $dom, $node ) {
 			return '';
 		}
 
+		$html = self::restore_amp_bind_attributes( $html );
+
 		/*
 		 * Travis w/PHP 7.1 generates <br></br> and <hr></hr> vs. <br/> and <hr/>, respectively.
 		 * Travis w/PHP 7.x generates <source ...></source> vs. <source ... />.  Etc.
diff --git a/phpcs.xml b/phpcs.xml
index a64861cc5c1..70f790323ea 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -30,7 +30,7 @@
 	</rule>
 
 	<!-- Include sniffs for PHP cross-version compatibility. -->
-	<config name="testVersion" value="5.2-99.0"/>
+	<config name="testVersion" value="5.3-99.0"/>
 	<rule ref="PHPCompatibility">
 		<exclude-pattern>bin/*</exclude-pattern>
 	</rule>
diff --git a/tests/test-class-amp-dom-utils.php b/tests/test-class-amp-dom-utils.php
index 261e77f6596..a76bca4e25c 100644
--- a/tests/test-class-amp-dom-utils.php
+++ b/tests/test-class-amp-dom-utils.php
@@ -90,4 +90,33 @@ public function test__get_content_from_dom__br_no_closing_tag() {
 
 		$this->assertEquals( $expected, $actual );
 	}
+
+	/**
+	 * Test convert_amp_bind_attributes.
+	 *
+	 * @covers \AMP_DOM_Utils::convert_amp_bind_attributes()
+	 * @covers \AMP_DOM_Utils::restore_amp_bind_attributes()
+	 * @covers \AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix()
+	 * \AMP_DOM_Utils::restore_amp_bind_attributes()
+	 */
+	public function test_amp_bind_conversion() {
+		$original  = '<amp-img width=300 height="200" data-foo="bar" selected src="/img/dog.jpg" [src]="myAnimals[currentAnimal].imageUrl"></amp-img>';
+		$converted = AMP_DOM_Utils::convert_amp_bind_attributes( $original );
+		$this->assertNotEquals( $converted, $original );
+		$this->assertContains( AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix() . 'src="myAnimals[currentAnimal].imageUrl"', $converted );
+		$this->assertContains( 'width=300 height="200" data-foo="bar" selected', $converted );
+		$restored = AMP_DOM_Utils::restore_amp_bind_attributes( $converted );
+		$this->assertEquals( $original, $restored );
+
+		// Test malformed.
+		$malformed_html = array(
+			'<amp-img width="123" [text]="..."</amp-img>',
+			'<amp-img width="123" [text] data-test="asd"></amp-img>',
+			'<amp-img width="123" [text]="..." *bad*></amp-img>',
+		);
+		foreach ( $malformed_html as $html ) {
+			$converted = AMP_DOM_Utils::convert_amp_bind_attributes( $html );
+			$this->assertNotContains( AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix(), $converted );
+		}
+	}
 }
diff --git a/tests/test-tag-and-attribute-sanitizer.php b/tests/test-tag-and-attribute-sanitizer.php
index d19395a8a82..649b3651783 100644
--- a/tests/test-tag-and-attribute-sanitizer.php
+++ b/tests/test-tag-and-attribute-sanitizer.php
@@ -520,6 +520,10 @@ public function get_data() {
 				'<font size="1">Headline</font><span style="color: blue">Span</span>',
 				'Headline<span>Span</span>',
 			),
+
+			'amp_bind_attr' => array(
+				'<p [text]="\'Hello \' + foo">Hello World</p><button on="tap:AMP.setState({foo: \'amp-bind\'})">Update</button>',
+			),
 		);
 	}
 

From cbe9d53a9165d10ba2f4ee950a0ef9797dacab55 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 13:46:16 -0800
Subject: [PATCH 2/7] Add required AMP component scripts only if element is not
 sanitized out of doc

---
 .../class-amp-tag-and-attribute-sanitizer.php  | 18 ++++++++++--------
 tests/test-class-amp-dom-utils.php             |  1 -
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index abbb2fa5c12..2f439b0fb66 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -279,19 +279,21 @@ private function process_node( $node ) {
 			return;
 		}
 
-		// Obtain list of component scripts required.
-		if ( ! empty( $tag_spec['also_requires_tag_warning'] ) ) {
-			$this->script_components[] = strtok( $tag_spec['also_requires_tag_warning'][0], ' ' );
-		}
-		if ( ! empty( $tag_spec['requires_extension'] ) ) {
-			$this->script_components = array_merge( $this->script_components, $tag_spec['requires_extension'] );
-		}
-
 		// Remove any remaining disallowed attributes.
 		$this->sanitize_disallowed_attributes_in_node( $node, $attr_spec_list );
 
 		// Remove values that don't conform to the attr_spec.
 		$this->sanitize_disallowed_attribute_values_in_node( $node, $attr_spec_list );
+
+		// Add required AMP component scripts if the element is still in the document.
+		if ( $node->parentNode ) {
+			if ( ! empty( $tag_spec['also_requires_tag_warning'] ) ) {
+				$this->script_components[] = strtok( $tag_spec['also_requires_tag_warning'][0], ' ' );
+			}
+			if ( ! empty( $tag_spec['requires_extension'] ) ) {
+				$this->script_components = array_merge( $this->script_components, $tag_spec['requires_extension'] );
+			}
+		}
 	}
 
 	/**
diff --git a/tests/test-class-amp-dom-utils.php b/tests/test-class-amp-dom-utils.php
index a76bca4e25c..78501b0858c 100644
--- a/tests/test-class-amp-dom-utils.php
+++ b/tests/test-class-amp-dom-utils.php
@@ -97,7 +97,6 @@ public function test__get_content_from_dom__br_no_closing_tag() {
 	 * @covers \AMP_DOM_Utils::convert_amp_bind_attributes()
 	 * @covers \AMP_DOM_Utils::restore_amp_bind_attributes()
 	 * @covers \AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix()
-	 * \AMP_DOM_Utils::restore_amp_bind_attributes()
 	 */
 	public function test_amp_bind_conversion() {
 		$original  = '<amp-img width=300 height="200" data-foo="bar" selected src="/img/dog.jpg" [src]="myAnimals[currentAnimal].imageUrl"></amp-img>';

From 1e1c023b9a83676a4528e9c72366bc0a3bcbb186 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 17:15:18 -0800
Subject: [PATCH 3/7] Add tests for scripts discovered during whitelist
 sanitization, inc. amp-bind

---
 tests/test-tag-and-attribute-sanitizer.php | 97 +++++++++++++++++++++-
 1 file changed, 95 insertions(+), 2 deletions(-)

diff --git a/tests/test-tag-and-attribute-sanitizer.php b/tests/test-tag-and-attribute-sanitizer.php
index 649b3651783..c18a5b3d3a3 100644
--- a/tests/test-tag-and-attribute-sanitizer.php
+++ b/tests/test-tag-and-attribute-sanitizer.php
@@ -19,91 +19,128 @@ public function get_data() {
 
 			'a4a'                                                       => array(
 				'<amp-ad width="300" height="400" type="fake" data-use-a4a="true" data-vars-analytics-var="bar" src="fake_amp.json"><div placeholder=""></div><div fallback=""></div></amp-ad>',
+				null, // No change.
+				array( 'amp-ad' ),
 			),
 
 			'ads'                                                       => array(
 				'<amp-ad width="300" height="250" type="a9" data-aax_size="300x250" data-aax_pubname="test123" data-aax_src="302"><div placeholder=""></div><div fallback=""></div></amp-ad>',
+				null, // No change.
+				array( 'amp-ad' ),
 			),
 
 			'adsense'                                                   => array(
 				'<amp-ad width="300" height="250" type="adsense" data-ad-client="ca-pub-2005682797531342" data-ad-slot="7046626912"><div placeholder=""></div><div fallback=""></div></amp-ad>',
+				null, // No change.
+				array( 'amp-ad' ),
 			),
 
 			'amp-3q-player'                                             => array(
 				'<amp-3q-player data-id="c8dbe7f4-7f7f-11e6-a407-0cc47a188158" layout="responsive" width="480" height="270"></amp-3q-player>',
+				null,
+				array( 'amp-3q-player' ),
 			),
 
 			'amp-ad'                                                    => array(
 				'<amp-ad width="300" height="250" type="foo"></amp-ad>',
+				null, // No change.
+				array( 'amp-ad' ),
 			),
 
 			'amp-ad-exit'                                               => array(
 				'<amp-ad-exit id="exit-api"><script type="application/json"></script></amp-ad-exit>',
+				null, // No change.
+				array( 'amp-ad-exit' ),
 			),
 
 			'amp-animation'                                             => array(
 				'<amp-animation layout="nodisplay"><script type="application/json"></script></amp-animation>',
+				null, // No change.
+				array( 'amp-animation' ),
 			),
 
 			'amp-call-tracking'                                         => array(
 				'<amp-call-tracking config="https://example.com/calltracking.json"><a href="tel:123456789">+1 (23) 456-789</a></amp-call-tracking>',
+				null,
+				array( 'amp-call-tracking' ),
 			),
 
 			'amp-call-tracking_blacklisted_config'                      => array(
 				'<amp-call-tracking config="__amp_source_origin"><a href="tel:123456789">+1 (23) 456-789</a></amp-call-tracking>',
 				'',
+				array(), // Important: This needs to be empty because the amp-call-tracking is stripped.
 			),
 
 			'amp-embed'                                                 => array(
 				'<amp-embed type="taboola" width="400" height="300" layout="responsive"></amp-embed>',
+				null, // No change.
+				array( 'amp-ad' ),
 			),
 
 			'amp-facebook-comments'                                     => array(
 				'<amp-facebook-comments width="486" height="657" data-href="http://example.com/baz" layout="responsive" data-numposts="5"></amp-facebook-comments>',
+				null, // No change.
+				array( 'amp-facebook-comments' ),
 			),
 
 			'amp-facebook-comments_missing_required_attribute'          => array(
 				'<amp-facebook-comments width="486" height="657" layout="responsive" data-numposts="5"></amp-facebook-comments>',
 				'',
+				array(), // Empty because invalid.
 			),
 
 			'amp-facebook-like'                                         => array(
 				'<amp-facebook-like width="90" height="20" data-href="http://example.com/baz" layout="fixed" data-layout="button_count"></amp-facebook-like>',
+				null, // No change.
+				array( 'amp-facebook-like' ),
 			),
 
 			'amp-facebook-like_missing_required_attribute'              => array(
 				'<amp-facebook-like width="90" height="20" layout="fixed" data-layout="button_count"></amp-facebook-like>',
 				'',
+				array(), // Empty because invalid.
 			),
 
 			'amp-fit-text'                                              => array(
 				'<amp-fit-text width="300" height="200" layout="responsive">Lorem ipsum</amp-fit-text>',
+				null, // No change.
+				array( 'amp-fit-text' ),
 			),
 
 			'amp-gist'                                                  => array(
 				'<amp-gist layout="fixed-height" data-gistid="a19" height="1613"></amp-gist>',
+				null, // No change.
+				array( 'amp-gist' ),
 			),
 
 			'amp-gist_missing_mandatory_attribute'                      => array(
 				'<amp-gist layout="fixed-height" height="1613"></amp-gist>',
 				'',
+				array(),
 			),
 
 			'amp-gwd-animation'                                         => array(
 				'<amp-gwd-animation id="4321" layout="nodisplay"></amp-gwd-animation>',
+				null, // No change.
+				array( 'amp-gwd-animation' ),
 			),
 
 			'amp-iframe'                                                => array(
 				'<amp-iframe width="600" height="200" sandbox="allow-scripts allow-same-origin" layout="responsive" frameborder="0" src="https://www.example.com"></amp-iframe>',
+				null, // No change.
+				array( 'amp-iframe' ),
 			),
 
 			'amp-iframe_incorrect_protocol'                             => array(
 				'<amp-iframe width="600" height="200" sandbox="allow-scripts allow-same-origin" layout="responsive" frameborder="0" src="masterprotocol://www.example.com"></amp-iframe>',
 				'<amp-iframe width="600" height="200" sandbox="allow-scripts allow-same-origin" layout="responsive" frameborder="0"></amp-iframe>',
+				array( 'amp-iframe' ),
 			),
 
 			'amp-ima-video'                                             => array(
 				'<amp-ima-video width="640" height="360" data-tag="https://example.com/foo" layout="responsive" data-src="https://example.com/bar"></amp-ima-video>',
+				null, // No change.
+				array( 'amp-ima-video' ),
 			),
 
 			'amp-ima-video_missing_required_attribute'                  => array(
@@ -113,52 +150,74 @@ public function get_data() {
 
 			'amp-imgur'                                                 => array(
 				'<amp-imgur data-imgur-id="54321" layout="responsive" width="540" height="663"></amp-imgur>',
+				null, // No change.
+				array( 'amp-imgur' ),
 			),
 
 			'amp-install-serviceworker'                                 => array(
 				'<amp-install-serviceworker src="https://www.emample.com/worker.js" data-iframe-src="https://www.example.com/serviceworker.html" layout="nodisplay"></amp-install-serviceworker>',
+				null, // No change.
+				array( 'amp-install-serviceworker' ),
 			),
 
 			'amp-izlesene'                                              => array(
 				'<amp-izlesene data-videoid="4321" layout="responsive" width="432" height="123"></amp-izlesene>',
+				null, // No change.
+				array( 'amp-izlesene' ),
 			),
 
 			'amp-nexxtv-player'                                         => array(
 				'<amp-nexxtv-player data-mediaid="123ABC" data-client="4321"></amp-nexxtv-player>',
+				null, // No change.
+				array( 'amp-nexxtv-player' ),
 			),
 
 			'amp-playbuzz'                                              => array(
 				'<amp-playbuzz src="id-from-the-content-here" height="500" data-item-info="true" data-share-buttons="true" data-comments="true"></amp-playbuzz>',
+				null, // No change.
+				array( 'amp-playbuzz' ),
 			),
 
 			'amp-playbuzz_no_src'                                       => array(
 				'<amp-playbuzz height="500" data-item-info="true"></amp-playbuzz>',
+				null, // @todo This actually should be stripped because .
+				array( 'amp-playbuzz' ),
 			),
 
 			'amp-position-observer'                                     => array(
 				'<amp-position-observer intersection-ratios="1"></amp-position-observer>',
+				null, // No change.
+				array( 'amp-position-observer' ),
 			),
 
 			'amp-twitter'                                               => array(
 				'<amp-twitter width="321" height="543" layout="responsive" data-tweetid="98765"></amp-twitter>',
+				null, // No change.
+				array( 'amp-twitter' ),
 			),
 
 			'amp-user-notification'                                     => array(
 				'<amp-user-notification layout="nodisplay" id="amp-user-notification1" data-show-if-href="https://example.com/api/show?timestamp=TIMESTAMP" data-dismiss-href="https://example.com/api/echo/post">This site uses cookies to personalize content.<a class="btn" on="tap:amp-user-notification1.dismiss">I accept</a></amp-user-notification>',
 				'<amp-user-notification layout="nodisplay" id="amp-user-notification1" data-show-if-href="https://example.com/api/show?timestamp=TIMESTAMP" data-dismiss-href="https://example.com/api/echo/post">This site uses cookies to personalize content.<a class="btn" on="tap:amp-user-notification1.dismiss">I accept</a></amp-user-notification>',
+				array( 'amp-user-notification' ),
 			),
 
 			'amp-video'                                                 => array(
 				'<amp-video width="432" height="987" src="/video/location.mp4"></amp-video>',
+				null, // No change.
+				array( 'amp-video' ),
 			),
 
 			'amp-vk'                                                    => array(
 				'<amp-vk width="500" height="300" data-embedtype="post" layout="responsive"></amp-vk>',
+				null, // No change.
+				array( 'amp-vk' ),
 			),
 
 			'amp-apester-media'                                         => array(
 				'<amp-apester-media height="444" data-apester-media-id="57a336dba187a2ca3005e826" layout="fixed-height"></amp-apester-media>',
 				'<amp-apester-media height="444" data-apester-media-id="57a336dba187a2ca3005e826" layout="fixed-height"></amp-apester-media>',
+				array( 'amp-apester-media' ),
 			),
 
 			'button'                                                    => array(
@@ -169,31 +228,37 @@ public function get_data() {
 			'brid-player'                                               => array(
 				'<amp-brid-player data-partner="264" data-player="4144" data-video="13663" layout="responsive" width="480" height="270"></amp-brid-player>',
 				'<amp-brid-player data-partner="264" data-player="4144" data-video="13663" layout="responsive" width="480" height="270"></amp-brid-player>',
+				array( 'amp-brid-player' ),
 			),
 
 			'brightcove'                                                => array(
 				'<amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="480" height="270"></amp-brightcove>',
 				'<amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="480" height="270"></amp-brightcove>',
+				array( 'amp-brightcove' ),
 			),
 
 			'carousel'                                                  => array(
 				'<amp-carousel width="400" height="300" layout="responsive" type="slides" controls=""><div>hello world</div><amp-img src="https://lh3.googleusercontent.com/pSECrJ82R7-AqeBCOEPGPM9iG9OEIQ_QXcbubWIOdkY=w400-h300-no-n" layout="fill"></amp-img><amp-img src="https://lh3.googleusercontent.com/5rcQ32ml8E5ONp9f9-Rf78IofLb9QjS5_0mqsY1zEFc=w400-h300-no-n" width="400" height="300" layout="responsive"></amp-img><amp-img src="https://lh3.googleusercontent.com/Z4gtm5Bkxyv21Z2PtbTf95Clb9AE4VTR6olbBKYrenM=w400-h300-no-n" width="400" height="300" layout="responsive"></amp-img><amp-soundcloud height="300" layout="fixed-height" data-trackid="243169232"></amp-soundcloud><amp-youtube data-videoid="mGENRKrdoGY" width="400" height="300"></amp-youtube><amp-anim src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no" width="400" height="300"><amp-img placeholder="" src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no-k" width="400" height="300"></amp-img></amp-anim><amp-audio src="https://ia801402.us.archive.org/16/items/EDIS-SRP-0197-06/EDIS-SRP-0197-06.mp3"></amp-audio><amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="480" height="270"></amp-brightcove><amp-vimeo data-videoid="27246366" width="500" height="281"></amp-vimeo><amp-dailymotion data-videoid="x3rdtfy" width="500" height="281"></amp-dailymotion><amp-vine data-vineid="MdKjXez002d" width="381" height="381" layout="responsive"></amp-vine><amp-video src="https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ForBiggerJoyrides.mp4" width="358" height="204" layout="responsive" controls=""></amp-video></amp-carousel><amp-carousel width="auto" height="300" controls=""><div>hello world</div><amp-img src="https://lh3.googleusercontent.com/pSECrJ82R7-AqeBCOEPGPM9iG9OEIQ_QXcbubWIOdkY=w400-h300-no-n" width="400" height="300"></amp-img><amp-img src="https://lh3.googleusercontent.com/5rcQ32ml8E5ONp9f9-Rf78IofLb9QjS5_0mqsY1zEFc=w400-h300-no-n" width="400" height="300"></amp-img><amp-img src="https://lh3.googleusercontent.com/Z4gtm5Bkxyv21Z2PtbTf95Clb9AE4VTR6olbBKYrenM=w400-h300-no-n" width="400" height="300"></amp-img><amp-soundcloud height="300" layout="fixed-height" data-trackid="243169232"></amp-soundcloud><amp-youtube data-videoid="mGENRKrdoGY" width="400" height="300"></amp-youtube><amp-anim src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no" width="400" height="300"><amp-img placeholder="" src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no-k" width="400" height="300"></amp-img></amp-anim><amp-audio src="https://ia801402.us.archive.org/16/items/EDIS-SRP-0197-06/EDIS-SRP-0197-06.mp3"></amp-audio><amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="300" height="300"></amp-brightcove><amp-vimeo data-videoid="27246366" width="300" height="300"></amp-vimeo><amp-dailymotion data-videoid="x3rdtfy" width="300" height="300"></amp-dailymotion><amp-vine data-vineid="MdKjXez002d" width="300" height="300"></amp-vine><amp-video src="https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ForBiggerJoyrides.mp4" width="300" height="300" controls=""></amp-video></amp-carousel>',
 				'<amp-carousel width="400" height="300" layout="responsive" type="slides" controls=""><div>hello world</div><amp-img src="https://lh3.googleusercontent.com/pSECrJ82R7-AqeBCOEPGPM9iG9OEIQ_QXcbubWIOdkY=w400-h300-no-n" layout="fill"></amp-img><amp-img src="https://lh3.googleusercontent.com/5rcQ32ml8E5ONp9f9-Rf78IofLb9QjS5_0mqsY1zEFc=w400-h300-no-n" width="400" height="300" layout="responsive"></amp-img><amp-img src="https://lh3.googleusercontent.com/Z4gtm5Bkxyv21Z2PtbTf95Clb9AE4VTR6olbBKYrenM=w400-h300-no-n" width="400" height="300" layout="responsive"></amp-img><amp-soundcloud height="300" layout="fixed-height" data-trackid="243169232"></amp-soundcloud><amp-youtube data-videoid="mGENRKrdoGY" width="400" height="300"></amp-youtube><amp-anim src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no" width="400" height="300"><amp-img placeholder="" src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no-k" width="400" height="300"></amp-img></amp-anim><amp-audio src="https://ia801402.us.archive.org/16/items/EDIS-SRP-0197-06/EDIS-SRP-0197-06.mp3"></amp-audio><amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="480" height="270"></amp-brightcove><amp-vimeo data-videoid="27246366" width="500" height="281"></amp-vimeo><amp-dailymotion data-videoid="x3rdtfy" width="500" height="281"></amp-dailymotion><amp-vine data-vineid="MdKjXez002d" width="381" height="381" layout="responsive"></amp-vine><amp-video src="https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ForBiggerJoyrides.mp4" width="358" height="204" layout="responsive" controls=""></amp-video></amp-carousel><amp-carousel width="auto" height="300" controls=""><div>hello world</div><amp-img src="https://lh3.googleusercontent.com/pSECrJ82R7-AqeBCOEPGPM9iG9OEIQ_QXcbubWIOdkY=w400-h300-no-n" width="400" height="300"></amp-img><amp-img src="https://lh3.googleusercontent.com/5rcQ32ml8E5ONp9f9-Rf78IofLb9QjS5_0mqsY1zEFc=w400-h300-no-n" width="400" height="300"></amp-img><amp-img src="https://lh3.googleusercontent.com/Z4gtm5Bkxyv21Z2PtbTf95Clb9AE4VTR6olbBKYrenM=w400-h300-no-n" width="400" height="300"></amp-img><amp-soundcloud height="300" layout="fixed-height" data-trackid="243169232"></amp-soundcloud><amp-youtube data-videoid="mGENRKrdoGY" width="400" height="300"></amp-youtube><amp-anim src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no" width="400" height="300"><amp-img placeholder="" src="https://lh3.googleusercontent.com/qNn8GDz8Jfd-s9lt3Nc4lJeLjVyEaqGJTk1vuCUWazCmAeOBVjSWDD0SMTU7x0zhVe5UzOTKR0n-kN4SXx7yElvpKYvCMaRyS_g-jydhJ_cEVYmYPiZ_j1Y9de43mlKxU6s06uK1NAlpbSkL_046amEKOdgIACICkuWfOBwlw2hUDfjPOWskeyMrcTu8XOEerCLuVqXugG31QC345hz3lUyOlkdT9fMYVUynSERGNzHba7bXMOxKRe3izS5DIWUgJs3oeKYqA-V8iqgCvneD1jj0Ff68V_ajm4BDchQubBJU0ytXVkoWh27ngeEHubpnApOS6fcGsjPxeuMjnzAUtoTsiXz2FZi1mMrxrblJ-kZoAq1DJ95cnoqoa2CYq3BTgq2E8BRe2paNxLJ5GXBCTpNdXMpVJc6eD7ceijQyn-2qanilX-iK3ChbOq0uBHMvsdoC_LsFOu5KzbbNH71vM3DPkvDGmHJmF67Vj8sQ6uBrLnzpYlCyN4-Y9frR8zugDcqX5Q=w400-h300-no-k" width="400" height="300"></amp-img></amp-anim><amp-audio src="https://ia801402.us.archive.org/16/items/EDIS-SRP-0197-06/EDIS-SRP-0197-06.mp3"></amp-audio><amp-brightcove data-account="906043040001" data-video-id="1401169490001" data-player="180a5658-8be8-4f33-8eba-d562ab41b40c" layout="responsive" width="300" height="300"></amp-brightcove><amp-vimeo data-videoid="27246366" width="300" height="300"></amp-vimeo><amp-dailymotion data-videoid="x3rdtfy" width="300" height="300"></amp-dailymotion><amp-vine data-vineid="MdKjXez002d" width="300" height="300"></amp-vine><amp-video src="https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ForBiggerJoyrides.mp4" width="300" height="300" controls=""></amp-video></amp-carousel>',
+				array( 'amp-anim', 'amp-audio', 'amp-brightcove', 'amp-carousel', 'amp-dailymotion', 'amp-soundcloud', 'amp-video', 'amp-vimeo', 'amp-vine', 'amp-youtube' ),
 			),
 
 			'amp-dailymotion'                                           => array(
 				'<amp-dailymotion data-videoid="x3rdtfy" width="500" height="281"></amp-dailymotion><h4>Default (responsive)</h4><amp-dailymotion data-videoid="x3rdtfy" width="500" height="281" layout="responsive"></amp-dailymotion><h4>Custom</h4><amp-dailymotion data-videoid="x3rdtfy" data-endscreen-enable="false" data-sharing-enable="false" data-ui-highlight="444444" data-ui-logo="false" data-info="false" width="640" height="360"></amp-dailymotion>',
 				'<amp-dailymotion data-videoid="x3rdtfy" width="500" height="281"></amp-dailymotion><h4>Default (responsive)</h4><amp-dailymotion data-videoid="x3rdtfy" width="500" height="281" layout="responsive"></amp-dailymotion><h4>Custom</h4><amp-dailymotion data-videoid="x3rdtfy" data-endscreen-enable="false" data-sharing-enable="false" data-ui-highlight="444444" data-ui-logo="false" data-info="false" width="640" height="360"></amp-dailymotion>',
+				array( 'amp-dailymotion' ),
 			),
 
 			'doubleclick-1'                                             => array(
 				'<amp-ad width="480" height="75" type="doubleclick" data-slot="/4119129/mobile_ad_banner" data-multi-size="320x50" class="dashedborder"></amp-ad>',
 				'<amp-ad width="480" height="75" type="doubleclick" data-slot="/4119129/mobile_ad_banner" data-multi-size="320x50" class="dashedborder"></amp-ad>',
+				array( 'amp-ad' ),
 			),
 
 			'facebook'                                                  => array(
 				'<amp-facebook width="552" height="303" layout="responsive" data-href="https://www.facebook.com/zuck/posts/10102593740125791"></amp-facebook><h1>More Posts</h1>',
 				'<amp-facebook width="552" height="303" layout="responsive" data-href="https://www.facebook.com/zuck/posts/10102593740125791"></amp-facebook><h1>More Posts</h1>',
+				array( 'amp-facebook' ),
 			),
 
 			'font'                                                      => array(
@@ -204,11 +269,13 @@ public function get_data() {
 			'form'                                                      => array(
 				'<form method="get" action="/form/search-html/get" target="_blank"><fieldset><label><span>Search for</span><input type="search" placeholder="test" name="term" required></label><input type="submit" value="Search"></fieldset></form>',
 				'<form method="get" action="/form/search-html/get" target="_blank"><fieldset><label><span>Search for</span><input type="search" placeholder="test" name="term" required></label><input type="submit" value="Search"></fieldset></form>',
+				array( 'amp-form' ),
 			),
 
 			'gfycat'                                                    => array(
 				'<amp-gfycat data-gfyid="BareSecondaryFlamingo" width="225" height="400"></amp-gfycat>',
 				'<amp-gfycat data-gfyid="BareSecondaryFlamingo" width="225" height="400"></amp-gfycat>',
+				array( 'amp-gfycat' ),
 			),
 
 			'h2'                                                        => array(
@@ -251,16 +318,21 @@ public function get_data() {
 
 			'attribute_value_valid'                                     => array(
 				'<template type="amp-mustache">Template Data</template>',
+				null,
+				array( 'amp-mustache' ),
 			),
 
 			'attribute_value_invalid'                                   => array(
 				// type is mandatory, so the node is removed.
 				'<template type="bad-type">Template Data</template>',
 				'',
+				array(), // No scripts because removed.
 			),
 
 			'attribute_amp_accordion_value'                             => array(
 				'<amp-accordion disable-session-states="">test</amp-accordion>',
+				null, // No change.
+				array( 'amp-accordion' ),
 			),
 
 			'attribute_value_with_blacklisted_regex_removed'            => array(
@@ -301,26 +373,33 @@ public function get_data() {
 
 			'attribute_value_with_value_regex_casei_lower'              => array(
 				'<amp-dailymotion data-videoid="abc"></amp-dailymotion>',
+				null, // No change.
+				array( 'amp-dailymotion' ),
 			),
 
 			'attribute_value_with_value_regex_casei_upper'              => array(
 				'<amp-dailymotion data-videoid="ABC"></amp-dailymotion>',
+				null, // No change.
+				array( 'amp-dailymotion' ),
 			),
 
 			'attribute_value_with_bad_value_regex_casei_removed'        => array(
 				// data-ui-logo should be true|false.
 				'<amp-dailymotion data-videoid="123" data-ui-logo="maybe"></amp-dailymotion>',
 				'<amp-dailymotion data-videoid="123"></amp-dailymotion>',
+				array( 'amp-dailymotion' ),
 			),
 
 			'attribute_bad_attr_with_no_value_removed'                  => array(
 				'<amp-ad type="adsense" bad-attr-no-value>something here</amp-alt>',
 				'<amp-ad type="adsense">something here</amp-ad>',
+				array( 'amp-ad' ),
 			),
 
 			'attribute_bad_attr_with_value_removed'                     => array(
 				'<amp-ad type="adsense" bad-attr="some-value">something here</amp-alt>',
 				'<amp-ad type="adsense">something here</amp-ad>',
+				array( 'amp-ad' ),
 			),
 
 			'remove_node_with_invalid_mandatory_attribute'              => array(
@@ -346,6 +425,8 @@ public function get_data() {
 
 			'allow_node_with_valid_mandatory_attribute'                 => array(
 				'<amp-analytics><script type="application/json"></script></amp-analytics>',
+				null, // No change.
+				array( 'amp-analytics' ),
 			),
 
 			'nodes_with_non_whitelisted_tags_replaced_by_children'      => array(
@@ -371,11 +452,13 @@ public function get_data() {
 			'leave_attribute_on_node_with_present_mandatory_parent'     => array(
 				'<form action="form.php" target="_top"><div submit-success>This is a test.</div></form>',
 				'<form action="form.php" target="_top"><div submit-success>This is a test.</div></form>',
+				array( 'amp-form' ),
 			),
 
 			'disallowed_empty_attr_removed'                             => array(
 				'<amp-user-notification data-dismiss-href></amp-user-notification>',
 				'<amp-user-notification></amp-user-notification>',
+				array( 'amp-user-notification' ),
 			),
 
 			'allowed_empty_attr'                                        => array(
@@ -385,6 +468,7 @@ public function get_data() {
 			'remove_node_with_disallowed_ancestor'                      => array(
 				'<amp-sidebar>The sidebar<amp-app-banner>This node is not allowed here.</amp-app-banner></amp-sidebar>',
 				'<amp-sidebar>The sidebar</amp-sidebar>',
+				array( 'amp-sidebar' ),
 			),
 
 			'remove_node_without_mandatory_ancestor'                    => array(
@@ -523,6 +607,13 @@ public function get_data() {
 
 			'amp_bind_attr' => array(
 				'<p [text]="\'Hello \' + foo">Hello World</p><button on="tap:AMP.setState({foo: \'amp-bind\'})">Update</button>',
+				null, // No change.
+				array( 'amp-bind' ),
+			),
+
+			'amp_bad_bind_attr' => array(
+				'<p [unrecognized]="123">Hello World</p>',
+				'<p>Hello World</p>',
 			),
 		);
 	}
@@ -563,10 +654,11 @@ public function test_is_missing_mandatory_attribute() {
 	 *
 	 * @dataProvider get_data
 	 * @group allowed-tags
-	 * @param string $source Markup to process.
+	 * @param string $source   Markup to process.
 	 * @param string $expected The markup to expect.
+	 * @param array  $scripts  The AMP component script names that are obtained through sanitization.
 	 */
-	public function test_sanitizer( $source, $expected = null ) {
+	public function test_sanitizer( $source, $expected = null, $scripts = array() ) {
 		$expected  = isset( $expected ) ? $expected : $source;
 		$dom       = AMP_DOM_Utils::get_dom_from_content( $source );
 		$sanitizer = new AMP_Tag_And_Attribute_Sanitizer( $dom );
@@ -574,5 +666,6 @@ public function test_sanitizer( $source, $expected = null ) {
 		$content = AMP_DOM_Utils::get_content_from_dom( $dom );
 		$content = preg_replace( '/(?<=>)\s+(?=<)/', '', $content );
 		$this->assertEquals( $expected, $content );
+		$this->assertEqualSets( $scripts, array_keys( $sanitizer->get_scripts() ) );
 	}
 }

From 567f1d5e821f376aae8cf5cf308f2d70124c6a59 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 22:28:05 -0800
Subject: [PATCH 4/7] Validate bound attributes by putting placeholders in spec

---
 .../class-amp-tag-and-attribute-sanitizer.php | 47 +++++++++++++++----
 includes/utils/class-amp-dom-utils.php        | 10 ++--
 tests/test-class-amp-dom-utils.php            |  6 +--
 tests/test-tag-and-attribute-sanitizer.php    |  4 +-
 4 files changed, 47 insertions(+), 20 deletions(-)

diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index 2f439b0fb66..021011873fa 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -91,16 +91,27 @@ public function __construct( $dom, $args = array() ) {
 			'amp_allowed_tags'                => AMP_Allowed_Tags_Generated::get_allowed_tags(),
 			'amp_globally_allowed_attributes' => AMP_Allowed_Tags_Generated::get_allowed_attributes(),
 			'amp_layout_allowed_attributes'   => AMP_Allowed_Tags_Generated::get_layout_attributes(),
+			'amp_bind_placeholder_prefix'     => AMP_DOM_Utils::get_amp_bind_placeholder_prefix(),
 		);
 
 		parent::__construct( $dom, $args );
 
-		/**
-		 * Prepare whitelists
-		 */
-		$this->allowed_tags                = $this->args['amp_allowed_tags'];
-		$this->globally_allowed_attributes = $this->args['amp_globally_allowed_attributes'];
-		$this->layout_allowed_attributes   = $this->args['amp_layout_allowed_attributes'];
+		// Prepare whitelists.
+		$this->allowed_tags = $this->args['amp_allowed_tags'];
+		foreach ( AMP_Rule_Spec::$additional_allowed_tags as $tag_name => $tag_rule_spec ) {
+			$this->allowed_tags[ $tag_name ][] = $tag_rule_spec;
+		}
+
+		// @todo Add the placeholder bind attribute to the alternative names instead.
+		foreach ( $this->allowed_tags as &$tag_specs ) {
+			foreach ( $tag_specs as &$tag_spec ) {
+				if ( isset( $tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] ) ) {
+					$tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] = $this->convert_bind_attributes( $tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] );
+				}
+			}
+		}
+		$this->globally_allowed_attributes = $this->convert_bind_attributes( $this->args['amp_globally_allowed_attributes'] );
+		$this->layout_allowed_attributes   = $this->convert_bind_attributes( $this->args['amp_layout_allowed_attributes'] );
 	}
 
 	/**
@@ -127,6 +138,26 @@ public function get_scripts() {
 		return $scripts;
 	}
 
+	/**
+	 * Modify attribute spec list to replace AMP binding attributes with the placeholders.
+	 *
+	 * @since 0.7
+	 *
+	 * @param array $attr_spec_list Attribute spec list.
+	 * @return array Modified attribute spec list.
+	 */
+	private function convert_bind_attributes( $attr_spec_list ) {
+		foreach ( array_keys( $attr_spec_list ) as $attr_name ) {
+			if ( '[' === $attr_name[0] ) {
+				$actual_attr_name = $this->args['amp_bind_placeholder_prefix'] . trim( $attr_name, '[]' );
+
+				$attr_spec_list[ $actual_attr_name ] = $attr_spec_list[ $attr_name ];
+				unset( $attr_spec_list[ $attr_name ] );
+			}
+		}
+		return $attr_spec_list;
+	}
+
 	/**
 	 * Sanitize the <video> elements from the HTML contained in this instance's DOMDocument.
 	 *
@@ -134,10 +165,6 @@ public function get_scripts() {
 	 */
 	public function sanitize() {
 
-		foreach ( AMP_Rule_Spec::$additional_allowed_tags as $tag_name => $tag_rule_spec ) {
-			$this->allowed_tags[ $tag_name ][] = $tag_rule_spec;
-		}
-
 		/**
 		 * Add root of content to the stack.
 		 *
diff --git a/includes/utils/class-amp-dom-utils.php b/includes/utils/class-amp-dom-utils.php
index 4bb2dc89a87..bf217f7a3a4 100644
--- a/includes/utils/class-amp-dom-utils.php
+++ b/includes/utils/class-amp-dom-utils.php
@@ -89,10 +89,10 @@ public static function get_dom( $document ) {
 	 *
 	 * @return string HTML5 data-* attribute name prefix for AMP binding attributes.
 	 */
-	public static function get_amp_bind_placeholder_attribute_prefix() {
+	public static function get_amp_bind_placeholder_prefix() {
 		static $attribute_prefix;
 		if ( ! isset( $attribute_prefix ) ) {
-			$attribute_prefix = sprintf( 'data-amp-binding-%s-', md5( wp_rand() ) );
+			$attribute_prefix = sprintf( 'amp-binding-%s-', md5( wp_rand() ) );
 		}
 		return $attribute_prefix;
 	}
@@ -113,7 +113,7 @@ public static function get_amp_bind_placeholder_attribute_prefix() {
 	 * @return string HTML with AMP binding attributes replaced with HTML5 data-* attributes.
 	 */
 	public static function convert_amp_bind_attributes( $html ) {
-		$amp_bind_attr_prefix = self::get_amp_bind_placeholder_attribute_prefix();
+		$amp_bind_attr_prefix = self::get_amp_bind_placeholder_prefix();
 
 		// Pattern for HTML attribute accounting for binding attr name, boolean attribute, single/double-quoted attribute value, and unquoted attribute values.
 		$attr_regex = '#^\s+(?P<name>\[?[a-zA-Z0-9_\-]+\]?)(?P<value>=(?:"[^"]*"|\'[^\']*\'|[^\'"\s]+))?#';
@@ -151,7 +151,7 @@ public static function convert_amp_bind_attributes( $html ) {
 
 		$html = preg_replace_callback(
 			// Match all start tags that probably contain a binding attribute.
-			'#<(?P<name>\w\S+)(?P<attrs>\s+[^<]+\]=[^<]+)\s*>#',
+			'#<(?P<name>[a-zA-Z0-9_\-]+)(?P<attrs>\s+[^>]+\]=[^>]+)\s*>#',
 			$replace_callback,
 			$html
 		);
@@ -173,7 +173,7 @@ public static function convert_amp_bind_attributes( $html ) {
 	 */
 	public static function restore_amp_bind_attributes( $html ) {
 		$html = preg_replace(
-			'#\s' . self::get_amp_bind_placeholder_attribute_prefix() . '([a-zA-Z0-9_\-]+)#',
+			'#\s' . self::get_amp_bind_placeholder_prefix() . '([a-zA-Z0-9_\-]+)#',
 			' [$1]',
 			$html
 		);
diff --git a/tests/test-class-amp-dom-utils.php b/tests/test-class-amp-dom-utils.php
index 78501b0858c..d3e2a6ea2a9 100644
--- a/tests/test-class-amp-dom-utils.php
+++ b/tests/test-class-amp-dom-utils.php
@@ -96,13 +96,13 @@ public function test__get_content_from_dom__br_no_closing_tag() {
 	 *
 	 * @covers \AMP_DOM_Utils::convert_amp_bind_attributes()
 	 * @covers \AMP_DOM_Utils::restore_amp_bind_attributes()
-	 * @covers \AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix()
+	 * @covers \AMP_DOM_Utils::get_amp_bind_placeholder_prefix()
 	 */
 	public function test_amp_bind_conversion() {
 		$original  = '<amp-img width=300 height="200" data-foo="bar" selected src="/img/dog.jpg" [src]="myAnimals[currentAnimal].imageUrl"></amp-img>';
 		$converted = AMP_DOM_Utils::convert_amp_bind_attributes( $original );
 		$this->assertNotEquals( $converted, $original );
-		$this->assertContains( AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix() . 'src="myAnimals[currentAnimal].imageUrl"', $converted );
+		$this->assertContains( AMP_DOM_Utils::get_amp_bind_placeholder_prefix() . 'src="myAnimals[currentAnimal].imageUrl"', $converted );
 		$this->assertContains( 'width=300 height="200" data-foo="bar" selected', $converted );
 		$restored = AMP_DOM_Utils::restore_amp_bind_attributes( $converted );
 		$this->assertEquals( $original, $restored );
@@ -115,7 +115,7 @@ public function test_amp_bind_conversion() {
 		);
 		foreach ( $malformed_html as $html ) {
 			$converted = AMP_DOM_Utils::convert_amp_bind_attributes( $html );
-			$this->assertNotContains( AMP_DOM_Utils::get_amp_bind_placeholder_attribute_prefix(), $converted );
+			$this->assertNotContains( AMP_DOM_Utils::get_amp_bind_placeholder_prefix(), $converted );
 		}
 	}
 }
diff --git a/tests/test-tag-and-attribute-sanitizer.php b/tests/test-tag-and-attribute-sanitizer.php
index c18a5b3d3a3..08e243e4199 100644
--- a/tests/test-tag-and-attribute-sanitizer.php
+++ b/tests/test-tag-and-attribute-sanitizer.php
@@ -612,8 +612,8 @@ public function get_data() {
 			),
 
 			'amp_bad_bind_attr' => array(
-				'<p [unrecognized]="123">Hello World</p>',
-				'<p>Hello World</p>',
+				'<a [unrecognized] [href]="/">test</a><p [text]="\'Hello \' + name">Hello World</p>',
+				'<a [href]="/">test</a><p [text]="\'Hello \' + name">Hello World</p>',
 			),
 		);
 	}

From c85d72b6214394a71c0d18abf9e7406c5d36fa2e Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 23:12:17 -0800
Subject: [PATCH 5/7] Use alt attribute names for amp-bind placeholders;
 improve performance of alt names

---
 .../class-amp-tag-and-attribute-sanitizer.php | 79 +++++++++++--------
 1 file changed, 44 insertions(+), 35 deletions(-)

diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index 021011873fa..a34c1bee058 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -53,6 +53,14 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
 	 */
 	protected $layout_allowed_attributes;
 
+	/**
+	 * Mapping of alternative names back to their primary names.
+	 *
+	 * @since 0.7
+	 * @var array
+	 */
+	protected $rev_alternate_attr_name_lookup = array();
+
 	/**
 	 * Stack.
 	 *
@@ -102,16 +110,15 @@ public function __construct( $dom, $args = array() ) {
 			$this->allowed_tags[ $tag_name ][] = $tag_rule_spec;
 		}
 
-		// @todo Add the placeholder bind attribute to the alternative names instead.
 		foreach ( $this->allowed_tags as &$tag_specs ) {
 			foreach ( $tag_specs as &$tag_spec ) {
 				if ( isset( $tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] ) ) {
-					$tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] = $this->convert_bind_attributes( $tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] );
+					$tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] = $this->process_alternate_names( $tag_spec[ AMP_Rule_Spec::ATTR_SPEC_LIST ] );
 				}
 			}
 		}
-		$this->globally_allowed_attributes = $this->convert_bind_attributes( $this->args['amp_globally_allowed_attributes'] );
-		$this->layout_allowed_attributes   = $this->convert_bind_attributes( $this->args['amp_layout_allowed_attributes'] );
+		$this->globally_allowed_attributes = $this->process_alternate_names( $this->args['amp_globally_allowed_attributes'] );
+		$this->layout_allowed_attributes   = $this->process_alternate_names( $this->args['amp_layout_allowed_attributes'] );
 	}
 
 	/**
@@ -139,20 +146,28 @@ public function get_scripts() {
 	}
 
 	/**
-	 * Modify attribute spec list to replace AMP binding attributes with the placeholders.
+	 * Process alternative names in attribute spec list.
 	 *
 	 * @since 0.7
 	 *
 	 * @param array $attr_spec_list Attribute spec list.
 	 * @return array Modified attribute spec list.
 	 */
-	private function convert_bind_attributes( $attr_spec_list ) {
-		foreach ( array_keys( $attr_spec_list ) as $attr_name ) {
+	private function process_alternate_names( $attr_spec_list ) {
+		foreach ( $attr_spec_list as $attr_name => &$attr_spec ) {
 			if ( '[' === $attr_name[0] ) {
-				$actual_attr_name = $this->args['amp_bind_placeholder_prefix'] . trim( $attr_name, '[]' );
+				$placeholder_attr_name = $this->args['amp_bind_placeholder_prefix'] . trim( $attr_name, '[]' );
+				if ( ! isset( $attr_spec[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] ) ) {
+					$attr_spec[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] = array();
+				}
+				$attr_spec[ AMP_Rule_Spec::ALTERNATIVE_NAMES ][] = $placeholder_attr_name;
+			}
 
-				$attr_spec_list[ $actual_attr_name ] = $attr_spec_list[ $attr_name ];
-				unset( $attr_spec_list[ $attr_name ] );
+			// Save all alternative names in lookup to improve performance.
+			if ( isset( $attr_spec[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] ) ) {
+				foreach ( $attr_spec[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] as $alternative_name ) {
+					$this->rev_alternate_attr_name_lookup[ $alternative_name ] = $attr_name;
+				}
 			}
 		}
 		return $attr_spec_list;
@@ -306,11 +321,16 @@ private function process_node( $node ) {
 			return;
 		}
 
+		$merged_attr_spec_list = array_merge(
+			$this->globally_allowed_attributes,
+			$attr_spec_list
+		);
+
 		// Remove any remaining disallowed attributes.
-		$this->sanitize_disallowed_attributes_in_node( $node, $attr_spec_list );
+		$this->sanitize_disallowed_attributes_in_node( $node, $merged_attr_spec_list );
 
 		// Remove values that don't conform to the attr_spec.
-		$this->sanitize_disallowed_attribute_values_in_node( $node, $attr_spec_list );
+		$this->sanitize_disallowed_attribute_values_in_node( $node, $merged_attr_spec_list );
 
 		// Add required AMP component scripts if the element is still in the document.
 		if ( $node->parentNode ) {
@@ -554,33 +574,12 @@ private function sanitize_disallowed_attributes_in_node( $node, $attr_spec_list
 		$attrs_to_remove = array();
 		foreach ( $node->attributes as $attr_name => $attr_node ) {
 			if ( ! $this->is_amp_allowed_attribute( $attr_name, $attr_spec_list ) ) {
-				/**
-				 * This attribute is not allowed for this node; plan to remove it.
-				 */
 				$attrs_to_remove[] = $attr_name;
 			}
 		}
 
-		if ( ! empty( $attrs_to_remove ) ) {
-			/*
-			 * Ensure we are not removing attributes listed as an alternate
-			 * or allowed attributes, e.g. 'srcset' is an alternate for 'src'.
-			 */
-			foreach ( $attr_spec_list as $attr_name => $attr_spec_rule_value ) {
-				if ( isset( $attr_spec_rule_value[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] ) ) {
-					foreach ( $attr_spec_rule_value[ AMP_Rule_Spec::ALTERNATIVE_NAMES ] as $alternative_name ) {
-						$alt_name_keys = array_keys( $attrs_to_remove, $alternative_name, true );
-						if ( ! empty( $alt_name_keys ) ) {
-							unset( $attrs_to_remove[ $alt_name_keys[0] ] );
-						}
-					}
-				}
-			}
-
-			// Remove the disallowed attributes.
-			foreach ( $attrs_to_remove as $attr_name ) {
-				$node->removeAttribute( $attr_name );
-			}
+		foreach ( $attrs_to_remove as $attr_name ) {
+			$node->removeAttribute( $attr_name );
 		}
 	}
 
@@ -1094,6 +1093,16 @@ private function is_amp_allowed_attribute( $attr_name, $attr_spec_list ) {
 				}
 			}
 		}
+
+		$is_allowed_alt_name_attr = (
+			isset( $this->rev_alternate_attr_name_lookup[ $attr_name ] )
+			&&
+			isset( $attr_spec_list[ $this->rev_alternate_attr_name_lookup[ $attr_name ] ] )
+		);
+		if ( $is_allowed_alt_name_attr ) {
+			return true;
+		}
+
 		return false;
 	}
 

From 4338252274a640dc6fb0d74af3405cf97dcd1360 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Wed, 24 Jan 2018 23:30:57 -0800
Subject: [PATCH 6/7] Automatically include amp-bind when a binding attribute
 is encountered

---
 .../class-amp-tag-and-attribute-sanitizer.php     | 15 +++++++++++++++
 tests/test-tag-and-attribute-sanitizer.php        |  1 +
 2 files changed, 16 insertions(+)

diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index a34c1bee058..16cd3a534be 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -340,6 +340,21 @@ private function process_node( $node ) {
 			if ( ! empty( $tag_spec['requires_extension'] ) ) {
 				$this->script_components = array_merge( $this->script_components, $tag_spec['requires_extension'] );
 			}
+
+			// Check if element needs amp-bind component.
+			if ( $node instanceof DOMElement && ! in_array( 'amp-bind', $this->script_components, true ) ) {
+				foreach ( $node->attributes as $name => $value ) {
+					$is_bind_attribute = (
+						'[' === $name[0]
+						||
+						( isset( $this->rev_alternate_attr_name_lookup[ $name ] ) && '[' === $this->rev_alternate_attr_name_lookup[ $name ][0] )
+					);
+					if ( $is_bind_attribute ) {
+						$this->script_components[] = 'amp-bind';
+						break;
+					}
+				}
+			}
 		}
 	}
 
diff --git a/tests/test-tag-and-attribute-sanitizer.php b/tests/test-tag-and-attribute-sanitizer.php
index 08e243e4199..f8923d5d841 100644
--- a/tests/test-tag-and-attribute-sanitizer.php
+++ b/tests/test-tag-and-attribute-sanitizer.php
@@ -614,6 +614,7 @@ public function get_data() {
 			'amp_bad_bind_attr' => array(
 				'<a [unrecognized] [href]="/">test</a><p [text]="\'Hello \' + name">Hello World</p>',
 				'<a [href]="/">test</a><p [text]="\'Hello \' + name">Hello World</p>',
+				array( 'amp-bind' ),
 			),
 		);
 	}

From 40d48e3e11ef3219efd741d2df22c2525fbd80ce Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Thu, 25 Jan 2018 09:34:51 -0800
Subject: [PATCH 7/7] Fix phpdoc and add comment re: a future AMP_DOMDocument

---
 includes/utils/class-amp-dom-utils.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/includes/utils/class-amp-dom-utils.php b/includes/utils/class-amp-dom-utils.php
index bf217f7a3a4..cea51615da8 100644
--- a/includes/utils/class-amp-dom-utils.php
+++ b/includes/utils/class-amp-dom-utils.php
@@ -56,6 +56,7 @@ public static function get_dom( $document ) {
 
 		$dom = new DOMDocument();
 
+		// @todo In the future consider an AMP_DOMDocument subclass that does this automatically. See <https://github.com/Automattic/amp-wp/pull/895/files#r163825513>.
 		$document = self::convert_amp_bind_attributes( $document );
 
 		/*
@@ -100,7 +101,7 @@ public static function get_amp_bind_placeholder_prefix() {
 	/**
 	 * Replace AMP binding attributes with something that libxml can parse (as HTML5 data-* attributes).
 	 *
-	 * This is necessary necessary because attributes in square brackets are not understood in PHP and
+	 * This is necessary because attributes in square brackets are not understood in PHP and
 	 * get dropped with an error raised:
 	 * > Warning: DOMDocument::loadHTML(): error parsing attribute name
 	 * This is a reciprocal function of AMP_DOM_Utils::restore_amp_bind_attributes().
@@ -252,6 +253,7 @@ public static function get_content_from_dom( $dom ) {
 	 * @see Called by function get_content_from_dom()
 	 *
 	 * @since 0.6
+	 * @todo In the future consider an AMP_DOMDocument subclass that does this automatically at saveHTML(). See <https://github.com/Automattic/amp-wp/pull/895/files#r163825513>.
 	 *
 	 * @param DOMDocument $dom  Represents an HTML document.
 	 * @param DOMNode     $node Represents an HTML element of the $dom from which to extract HTML content.