Commit Graph

8 Commits

Author SHA1 Message Date
Aaron Campbell
78462a6178 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.4 branch.


Built from https://develop.svn.wordpress.org/branches/4.4@41455


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:51:01 +00:00
Dominik Schilling
3f478808ae Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40164


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:34 +00:00
Pascal Birchler
0a517e47ec Embeds: Improve performance when embedding a post from the current site.
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Merge of [37708], [37710] and [37729] to the 4.4 branch.

Fixes #36767.
Built from https://develop.svn.wordpress.org/branches/4.4@37798


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:42:29 +00:00
Pascal Birchler
eb51235b19 Embeds: Improve how iframes are loaded after being initially hidden.
Use a more accessible way to initially hide the iframe. After that, only display an iframe when it was successfully loaded.

Merge of [36648] and [36708] to the 4.4 branch.

Fixes #35894.
Built from https://develop.svn.wordpress.org/branches/4.4@37093


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 10:57:27 +00:00
Gary Pendergast
9f78d3f9c3 Embeds: Don't show embed discovery link on a static front page.
There's currently no iframe content being generated for a static front page. Giving out a link to that isn't an ideal user experience.

Props peterwilsoncc.

Merge of [36059] to the 4.4 branch.

Fixes #35194.


Built from https://develop.svn.wordpress.org/branches/4.4@36060


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-22 10:55:26 +00:00
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Dominik Schilling
22fe87c3b3 Build: Update source for includes:embed after [35718].
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00