Commit Graph

20 Commits

Author SHA1 Message Date
Weston Ruter
a2cdce6c82 Embeds: Modernize wp-embed script with removal of obsolete IE10/IE11 code and support for WP<4.4.
* Remove obsolete `load` event handler in `wp-embed` since IE10+ support `DOMContentLoaded`.
* Replace obsolete use of `document.createElement('a')` in favor of the newer `URL` class (supported in all browsers but obsolete IE11).
* Remove obsolete IE10/IE11 code.
* Combine conditionals.
* Use `substring()` instead of deprecated `substr()` method.
* Eliminate the stipulation that `wp-embed.js` not include ampersands, considering this was put in place for WP<4.3 which now accounts for only 1.43% of sites. This includes the elimination of the `verify:wp-embed` grunt task.

Props westonruter, swissspidy.
Fixes #58974.

Built from https://develop.svn.wordpress.org/trunk@56383


git-svn-id: http://core.svn.wordpress.org/trunk@55895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-10 19:49:17 +00:00
audrasjb
d81f522a57 Embeds: Add protocol validation for WordPress Embed code.
Validate that links within auto-discovered embeds are using the `http` or `https` protocols before following links.

Props xknown, dd32, peterwilsoncc.


Built from https://develop.svn.wordpress.org/trunk@55763


git-svn-id: http://core.svn.wordpress.org/trunk@55275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 14:25:21 +00:00
desrosj
f27c6a5565 Build/Test Tools: Update some NPM dependencies to the latest versions.
This updates several NPM dependencies to the latest versions, including:

- `check-node-version` from `4.1.0` to `4.2.1`.
- `dotenv` from `10.0.0` to `16.0.0`.
- `dotenv-expand` from `5.1.0` to `8.0.3`.
- `grunt-contrib-concat` from `2.0.0` to `2.1.0`.
- `grunt-contrib-jshint` from `3.1.1` to `3.2.0`.
- `grunt-contrib-uglify` from `5.0.1` to `5.1.0`.
- `qunit` from `2.17.2` to `2.18.1`.
- `sass` from `1.43.4` to `1.50.0`.
- `sinon` from `12.0.1` to `13.0.1`.
- `sinon-test` from `3.1.1` to `3.1.3`.
- `uglify-js` from `3.14.3` to `3.15.3`.
- `wait-on` from `6.0.0` to `6.0.1`.

The updates to `dotenv` and `dotenv-expand` required a minor change to files using these packages.

Additionally, this contains several updates to the `package-lock.json` file as a result of running `npm audit fix`.

See #54727.
Built from https://develop.svn.wordpress.org/trunk@53113


git-svn-id: http://core.svn.wordpress.org/trunk@52702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 20:07:18 +00:00
Weston Ruter
9038612705 Embeds: Conditionally enqueue wp-embed only if needed and send ready message in case script loads after post embed windows.
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so.
* Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads.
* Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled.
* For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`.

Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes #44632, #44306.

Built from https://develop.svn.wordpress.org/trunk@52132


git-svn-id: http://core.svn.wordpress.org/trunk@51724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-11 02:49:18 +00:00
desrosj
05f174acf6 Build/Test Tools: Update UglifyJS to the latest version.
This updates the `uglify-js` package from version `3.6.0` to `3.12.4`.

See #51801.
Built from https://develop.svn.wordpress.org/trunk@49940


git-svn-id: http://core.svn.wordpress.org/trunk@49639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-06 15:29:24 +00:00
Sergey Biryukov
49007e52bc Build/Test Tools: Add banner to RTL CSS and minified JS files.
Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto-generated.

This is a follow-up to [41271], which added the banner to minified CSS files.

Fixes #48424. See #30666.
Built from https://develop.svn.wordpress.org/trunk@46589


git-svn-id: http://core.svn.wordpress.org/trunk@46386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 00:17:07 +00:00
Aaron Jorbin
0e21d32900 Build/Test: Bump devDependencies for WordPress 5.3
This upgrades a number of devDependencies.  Some of these include changes to how the tasks are configured.

Uglify: There are deprecated options from 2.x to 4.x, see: https://github.com/gruntjs/grunt-contrib-uglify#options

Autoprefixer: Browserslist now warns when passing in the browser list, so that is put into package.json

As with most changes to uglify, this changes every minified JS file.

Fixes #48203.



Built from https://develop.svn.wordpress.org/trunk@46408


git-svn-id: http://core.svn.wordpress.org/trunk@46206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 19:49:10 +00:00
Sergey Biryukov
e1b0d4ed7a Embeds: After [43593], move the new check to a separate line to avoid test_js_no_ampersands_in_compiled failure caused by UglifyJS task.
See #44832.
Built from https://develop.svn.wordpress.org/trunk@43597


git-svn-id: http://core.svn.wordpress.org/trunk@43426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 12:40:26 +00:00
Sergey Biryukov
07e2fba981 Embeds: Avoid a JS error in wp.receiveEmbedMessage if data parameter is not set.
Props dsifford, kadamwhite.
Fixes #44832.
Built from https://develop.svn.wordpress.org/trunk@43593


git-svn-id: http://core.svn.wordpress.org/trunk@43422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 10:30:24 +00:00
Pascal Birchler
98e8bf7ba2 Embeds: Correctly remove security attribute from iframes in IE 10 and IE 11.
This was originally added in 4.4, but presumably broke with [35708], which prevented these browsers from actually reaching the relevant code section.
Let's make embeds work again in IE 10 and IE 11.

Fixes #38694.
Built from https://develop.svn.wordpress.org/trunk@39347


git-svn-id: http://core.svn.wordpress.org/trunk@39287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 13:38:33 +00:00
Aaron Jorbin
32be6f7bb7 Bump grunt-contrib-uglify from 1.0.1 to 2.0.0
Sets `screwIE8` to false as it is now enabled by default

Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js

Changelog:
2016-07-19   v2.0.0   Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19   v1.0.2   Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.

See #38199.


Built from https://develop.svn.wordpress.org/trunk@39117


git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 05:40:34 +00:00
Pascal Birchler
0425e01d21 Embeds: Use a more accessible way to initially hide the iframe.
This fixes a bug in Firefox where assets inside the iframe aren't being displayed because they have no computed style.

See #35894.
Built from https://develop.svn.wordpress.org/trunk@36708


git-svn-id: http://core.svn.wordpress.org/trunk@36675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 10:23:27 +00:00
Pascal Birchler
383c422527 Embeds: Only display an iframe when it was successfully loaded.
This prevents showing a blank iframe by first checking if a message was successfully received from it.

Fixes #35894.
Built from https://develop.svn.wordpress.org/trunk@36648


git-svn-id: http://core.svn.wordpress.org/trunk@36615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 20:23:25 +00:00
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Gary Pendergast
603d3c0013 Embeds: Remove & characters from the inline embed JS.
Older versions of WordPress will convert those `&` characters to `&#038;`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.

Props pento, peterwilsoncc.

See #34698.


Built from https://develop.svn.wordpress.org/trunk@35708


git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 23:06:26 +00:00
Gary Pendergast
a2349a2377 Embeds: Fix support for embedding in non-WordPress sites.
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.

Props swissspidy.

Fixes #34451.


Built from https://develop.svn.wordpress.org/trunk@35577


git-svn-id: http://core.svn.wordpress.org/trunk@35541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:08:27 +00:00
Scott Taylor
382d455235 WP oEmbed: Improve height attribute sanitization
Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:39:25 +00:00
Gary Pendergast
21393df10e Embeds: Add fallbacks for IE7-9.
Older IE versions need just that little bit of extra tender care to keep them going.

Props peterwilsoncc, swissspidy, pento.

Fixes #34204.


Built from https://develop.svn.wordpress.org/trunk@35466


git-svn-id: http://core.svn.wordpress.org/trunk@35430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 04:38:25 +00:00
Gary Pendergast
368e5f9fc3 Embeds: Provide a cached text fallback.
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.

Fixes #34462.


Built from https://develop.svn.wordpress.org/trunk@35437


git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 23:11:24 +00:00
Sergey Biryukov
a908d2d4b1 Embeds: Rename files, functions, and hooks added in [34903] to make it more clear what is oEmbed-specific and what isn't.
See https://core.trac.wordpress.org/ticket/34272#comment:7 for full list of renamed functions and hooks.

Props swissspidy.
Fixes #34272.
Built from https://develop.svn.wordpress.org/trunk@35235


git-svn-id: http://core.svn.wordpress.org/trunk@35201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 01:21:25 +00:00