WP oEmbed: Improve height attribute sanitization

Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-10-31 20:39:25 +00:00
parent 35dd8003b0
commit 382d455235
4 changed files with 6 additions and 6 deletions


@ -478,7 +478,7 @@ function get_post_embed_html( $width, $height, $post = null ) {
* and edit wp-embed.js directly.
*/
$output .=<<<JS
!function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f=-1!==navigator.appVersion.indexOf("MSIE 10"),g=!!navigator.userAgent.match(/Trident.*rv\:11\./);if(f||g)for(a=b.querySelectorAll(".wp-embedded-content[security]"),d=0;d<a.length;d++)c=a[d].cloneNode(!0),c.removeAttribute("security"),a[d].parentNode.replaceChild(c,a[d])}}var d=b.querySelector&&a.addEventListener,e=!1;a.wp=a.wp||{},a.wp.receiveEmbedMessage||(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value){var e,f,g,h,i,j=b.querySelectorAll('iframe[data-secret="'+d.secret+'"]'),k=b.querySelectorAll('blockquote[data-secret="'+d.secret+'"]');for(e=0;e<k.length;e++)k[e].style.display="none";for(e=0;e<j.length;e++)f=j[e],f.style.display="","height"===d.message&&(g=d.value,g>1e3?g=1e3:200>g&&(g=200),f.height=g+"px"),"link"===d.message&&(h=b.createElement("a"),i=b.createElement("a"),h.href=f.getAttribute("src"),i.href=d.value,i.host===h.host&&b.activeElement===f&&(a.top.location.href=d.value))}},d&&(a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1),a.addEventListener("load",c,!1)))}(window,document);
!function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f=-1!==navigator.appVersion.indexOf("MSIE 10"),g=!!navigator.userAgent.match(/Trident.*rv\:11\./);if(f||g)for(a=b.querySelectorAll(".wp-embedded-content[security]"),d=0;d<a.length;d++)c=a[d].cloneNode(!0),c.removeAttribute("security"),a[d].parentNode.replaceChild(c,a[d])}}var d=b.querySelector&&a.addEventListener,e=!1;a.wp=a.wp||{},a.wp.receiveEmbedMessage||(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value){var e,f,g,h,i,j=b.querySelectorAll('iframe[data-secret="'+d.secret+'"]'),k=b.querySelectorAll('blockquote[data-secret="'+d.secret+'"]');for(e=0;e<k.length;e++)k[e].style.display="none";for(e=0;e<j.length;e++)f=j[e],f.style.display="","height"===d.message&&(g=parseInt(d.value,10),g>1e3?g=1e3:200>~~g&&(g=200),f.height=g),"link"===d.message&&(h=b.createElement("a"),i=b.createElement("a"),h.href=f.getAttribute("src"),i.href=d.value,i.host===h.host&&b.activeElement===f&&(a.top.location.href=d.value))}},d&&(a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1),a.addEventListener("load",c,!1)))}(window,document);
JS;
}
$output .= "\n//--><!]]>";


@ -31,14 +31,14 @@
/* Resize the iframe on request. */
if ( 'height' === data.message ) {
height = data.value;
height = parseInt( data.value, 10 );
if ( height > 1000 ) {
height = 1000;
} else if ( height < 200 ) {
} else if ( ~~height < 200 ) {
height = 200;
}
source.height = (height) + 'px';
source.height = height;
}
/* Link to a specific URL on request. */
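Review bot: The `~~height` on the `else if` line carries the whole NaN handling for this block and nothing says so: `parseInt( data.value, 10 )` on the line above returns NaN for a non-numeric message value, `NaN > 1000` is false, and `~~NaN` is 0, so only that second comparison forces the value back to 200. That is correct but easy to break when someone later "simplifies" the expression, so a comment above the `if` would help: `/* parseInt() returns NaN for non-numeric input; ~~NaN is 0, so the lower bound also catches it. */`. A more explicit form with the same result is `} else if ( isNaN( height ) || height < 200 ) {`, which avoids the bit trick entirely. The enclosing message handler starts and ends outside the hunk.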


@ -1 +1 @@
!function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f=-1!==navigator.appVersion.indexOf("MSIE 10"),g=!!navigator.userAgent.match(/Trident.*rv\:11\./);if(f||g)for(a=b.querySelectorAll(".wp-embedded-content[security]"),d=0;d<a.length;d++)c=a[d].cloneNode(!0),c.removeAttribute("security"),a[d].parentNode.replaceChild(c,a[d])}}var d=b.querySelector&&a.addEventListener,e=!1;a.wp=a.wp||{},a.wp.receiveEmbedMessage||(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value){var e,f,g,h,i,j=b.querySelectorAll('iframe[data-secret="'+d.secret+'"]'),k=b.querySelectorAll('blockquote[data-secret="'+d.secret+'"]');for(e=0;e<k.length;e++)k[e].style.display="none";for(e=0;e<j.length;e++)f=j[e],f.style.display="","height"===d.message&&(g=d.value,g>1e3?g=1e3:200>g&&(g=200),f.height=g+"px"),"link"===d.message&&(h=b.createElement("a"),i=b.createElement("a"),h.href=f.getAttribute("src"),i.href=d.value,i.host===h.host&&b.activeElement===f&&(a.top.location.href=d.value))}},d&&(a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1),a.addEventListener("load",c,!1)))}(window,document);
!function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f=-1!==navigator.appVersion.indexOf("MSIE 10"),g=!!navigator.userAgent.match(/Trident.*rv\:11\./);if(f||g)for(a=b.querySelectorAll(".wp-embedded-content[security]"),d=0;d<a.length;d++)c=a[d].cloneNode(!0),c.removeAttribute("security"),a[d].parentNode.replaceChild(c,a[d])}}var d=b.querySelector&&a.addEventListener,e=!1;a.wp=a.wp||{},a.wp.receiveEmbedMessage||(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value){var e,f,g,h,i,j=b.querySelectorAll('iframe[data-secret="'+d.secret+'"]'),k=b.querySelectorAll('blockquote[data-secret="'+d.secret+'"]');for(e=0;e<k.length;e++)k[e].style.display="none";for(e=0;e<j.length;e++)f=j[e],f.style.display="","height"===d.message&&(g=parseInt(d.value,10),g>1e3?g=1e3:200>~~g&&(g=200),f.height=g),"link"===d.message&&(h=b.createElement("a"),i=b.createElement("a"),h.href=f.getAttribute("src"),i.href=d.value,i.host===h.host&&b.activeElement===f&&(a.top.location.href=d.value))}},d&&(a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1),a.addEventListener("load",c,!1)))}(window,document);


@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.4-beta2-35477';
$wp_version = '4.4-beta2-35478';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.