Commit Graph

8 Commits

Author SHA1 Message Date
Andrew Nacin
9834e9993a Embeds: Enforce, via unit tests, the no-ampersand rule for wp-embed.js.
fixes #34698.

Built from https://develop.svn.wordpress.org/trunk@35762


git-svn-id: http://core.svn.wordpress.org/trunk@35726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 05:46:25 +00:00
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Gary Pendergast
603d3c0013 Embeds: Remove & characters from the inline embed JS.
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.

Props pento, peterwilsoncc.

See #34698.


Built from https://develop.svn.wordpress.org/trunk@35708


git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 23:06:26 +00:00
Gary Pendergast
a2349a2377 Embeds: Fix support for embedding in non-WordPress sites.
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.

Props swissspidy.

Fixes #34451.


Built from https://develop.svn.wordpress.org/trunk@35577


git-svn-id: http://core.svn.wordpress.org/trunk@35541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:08:27 +00:00
Scott Taylor
382d455235 WP oEmbed: Improve height attribute sanitization
Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:39:25 +00:00
Gary Pendergast
21393df10e Embeds: Add fallbacks for IE7-9.
Older IE versions need just that little bit of extra tender care to keep them going.

Props peterwilsoncc, swissspidy, pento.

Fixes #34204.


Built from https://develop.svn.wordpress.org/trunk@35466


git-svn-id: http://core.svn.wordpress.org/trunk@35430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 04:38:25 +00:00
Gary Pendergast
368e5f9fc3 Embeds: Provide a cached text fallback.
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.

Fixes #34462.


Built from https://develop.svn.wordpress.org/trunk@35437


git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 23:11:24 +00:00
Sergey Biryukov
a908d2d4b1 Embeds: Rename files, functions, and hooks added in [34903] to make it more clear what is oEmbed-specific and what isn't.
See https://core.trac.wordpress.org/ticket/34272#comment:7 for full list of renamed functions and hooks.

Props swissspidy.
Fixes #34272.
Built from https://develop.svn.wordpress.org/trunk@35235


git-svn-id: http://core.svn.wordpress.org/trunk@35201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 01:21:25 +00:00