diff --git a/wp-includes/js/wp-embed.js b/wp-includes/js/wp-embed.js
index 58ae034f49..315e573f5c 100644
--- a/wp-includes/js/wp-embed.js
+++ b/wp-includes/js/wp-embed.js
@@ -4,25 +4,23 @@
  * @since 4.4.0
  * @output wp-includes/js/wp-embed.js
  *
- * This file cannot have ampersands in it. This is to ensure
- * it can be embedded in older versions of WordPress.
- * See https://core.trac.wordpress.org/changeset/35708.
+ * Single line comments should not be used since they will break
+ * the script when inlined in get_post_embed_html(), specifically
+ * when the comments are not stripped out due to SCRIPT_DEBUG
+ * being turned on.
  */
 (function ( window, document ) {
 	'use strict';
 
-	var supportedBrowser = false,
-		loaded = false;
-
-		if ( document.querySelector ) {
-			if ( window.addEventListener ) {
-				supportedBrowser = true;
-			}
-		}
+	/* Abort for ancient browsers. */
+	if ( ! document.querySelector || ! window.addEventListener || typeof URL === 'undefined' ) {
+		return;
+	}
 
 	/** @namespace wp */
 	window.wp = window.wp || {};
 
+	/* Abort if script was already executed. */
 	if ( !! window.wp.receiveEmbedMessage ) {
 		return;
 	}
@@ -35,15 +33,11 @@
 	window.wp.receiveEmbedMessage = function( e ) {
 		var data = e.data;
 
-		if ( ! data ) {
-			return;
-		}
-
-		if ( ! ( data.secret || data.message || data.value ) ) {
-			return;
-		}
-
-		if ( /[^a-zA-Z0-9]/.test( data.secret ) ) {
+		/* Verify shape of message. */
+		if (
+			! ( data || data.secret || data.message || data.value ) ||
+			/[^a-zA-Z0-9]/.test( data.secret )
+		) {
 			return;
 		}
 
@@ -65,8 +59,8 @@
 
 			source.removeAttribute( 'style' );
 
-			/* Resize the iframe on request. */
 			if ( 'height' === data.message ) {
+				/* Resize the iframe on request. */
 				height = parseInt( data.value, 10 );
 				if ( height > 1000 ) {
 					height = 1000;
@@ -75,42 +69,25 @@
 				}
 
 				source.height = height;
-			}
+			} else if ( 'link' === data.message ) {
+				/* Link to a specific URL on request. */
+				sourceURL = new URL( source.getAttribute( 'src' ) );
+				targetURL = new URL( data.value );
 
-			/* Link to a specific URL on request. */
-			if ( 'link' === data.message ) {
-				sourceURL = document.createElement( 'a' );
-				targetURL = document.createElement( 'a' );
-
-				sourceURL.href = source.getAttribute( 'src' );
-				targetURL.href = data.value;
-
-				/* Only follow link if the protocol is in the allow list. */
-				if ( ! allowedProtocols.test( targetURL.protocol ) ) {
-					continue;
-				}
-
-				/* Only continue if link hostname matches iframe's hostname. */
-				if ( targetURL.host === sourceURL.host ) {
-					if ( document.activeElement === source ) {
-						window.top.location.href = data.value;
-					}
+				if (
+					allowedProtocols.test( targetURL.protocol ) &&
+					targetURL.host === sourceURL.host &&
+					document.activeElement === source
+				) {
+					window.top.location.href = data.value;
 				}
 			}
 		}
 	};
 
 	function onLoad() {
-		if ( loaded ) {
-			return;
-		}
-
-		loaded = true;
-
-		var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
-			isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
-			iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
-			iframeClone, i, source, secret;
+		var iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+			i, source, secret;
 
 		for ( i = 0; i < iframes.length; i++ ) {
 			/** @var {IframeElement} */
@@ -119,18 +96,11 @@
 			secret = source.getAttribute( 'data-secret' );
 			if ( ! secret ) {
 				/* Add secret to iframe */
-				secret = Math.random().toString( 36 ).substr( 2, 10 );
+				secret = Math.random().toString( 36 ).substring( 2, 12 );
 				source.src += '#?secret=' + secret;
 				source.setAttribute( 'data-secret', secret );
 			}
 
-			/* Remove security attribute from iframes in IE10 and IE11. */
-			if ( ( isIE10 || isIE11 ) ) {
-				iframeClone = source.cloneNode( true );
-				iframeClone.removeAttribute( 'security' );
-				source.parentNode.replaceChild( iframeClone, source );
-			}
-
 			/*
 			 * Let post embed window know that the parent is ready for receiving the height message, in case the iframe
 			 * loaded before wp-embed.js was loaded. When the ready message is received by the post embed window, the
@@ -143,9 +113,6 @@
 		}
 	}
 
-	if ( supportedBrowser ) {
-		window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
-		document.addEventListener( 'DOMContentLoaded', onLoad, false );
-		window.addEventListener( 'load', onLoad, false );
-	}
+	window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
+	document.addEventListener( 'DOMContentLoaded', onLoad, false );
 })( window, document );
diff --git a/wp-includes/js/wp-embed.min.js b/wp-includes/js/wp-embed.min.js
index 3ef2f3c414..c988bab6f9 100644
--- a/wp-includes/js/wp-embed.min.js
+++ b/wp-includes/js/wp-embed.min.js
@@ -1,2 +1,2 @@
 /*! This file is auto-generated */
-!function(c,d){"use strict";var e=!1,o=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},c.wp.receiveEmbedMessage);else if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(!t);else if(!(t.secret||t.message||t.value));else if(/[^a-zA-Z0-9]/.test(t.secret));else{for(var r,s,a,i=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),l=0;l<n.length;l++)n[l].style.display="none";for(l=0;l<i.length;l++)if(r=i[l],e.source!==r.contentWindow);else{if(r.removeAttribute("style"),"height"===t.message){if(1e3<(s=parseInt(t.value,10)))s=1e3;else if(~~s<200)s=200;r.height=s}if("link"===t.message)if(s=d.createElement("a"),a=d.createElement("a"),s.href=r.getAttribute("src"),a.href=t.value,!o.test(a.protocol));else if(a.host===s.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(o);else{o=!0;for(var e,t,r,s=-1!==navigator.appVersion.indexOf("MSIE 10"),a=!!navigator.userAgent.match(/Trident.*rv:11\./),i=d.querySelectorAll("iframe.wp-embedded-content"),n=0;n<i.length;n++){if(!(r=(t=i[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(s||a)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document);
\ No newline at end of file
+!function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document);
\ No newline at end of file
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 917e833219..401ff9abc0 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.4-alpha-56382';
+$wp_version = '6.4-alpha-56383';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.