* Remove obsolete `load` event handler in `wp-embed` since IE10+ support `DOMContentLoaded`.
* Replace obsolete use of `document.createElement('a')` in favor of the newer `URL` class (supported in all browsers but obsolete IE11).
* Remove obsolete IE10/IE11 code.
* Combine conditionals.
* Use `substring()` instead of deprecated `substr()` method.
* Eliminate the stipulation that `wp-embed.js` not include ampersands, considering this was put in place for WP<4.3 which now accounts for only 1.43% of sites. This includes the elimination of the `verify:wp-embed` grunt task.
Props westonruter, swissspidy.
Fixes#58974.
Built from https://develop.svn.wordpress.org/trunk@56383
git-svn-id: http://core.svn.wordpress.org/trunk@55895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates several NPM dependencies to the latest versions, including:
- `check-node-version` from `4.1.0` to `4.2.1`.
- `dotenv` from `10.0.0` to `16.0.0`.
- `dotenv-expand` from `5.1.0` to `8.0.3`.
- `grunt-contrib-concat` from `2.0.0` to `2.1.0`.
- `grunt-contrib-jshint` from `3.1.1` to `3.2.0`.
- `grunt-contrib-uglify` from `5.0.1` to `5.1.0`.
- `qunit` from `2.17.2` to `2.18.1`.
- `sass` from `1.43.4` to `1.50.0`.
- `sinon` from `12.0.1` to `13.0.1`.
- `sinon-test` from `3.1.1` to `3.1.3`.
- `uglify-js` from `3.14.3` to `3.15.3`.
- `wait-on` from `6.0.0` to `6.0.1`.
The updates to `dotenv` and `dotenv-expand` required a minor change to files using these packages.
Additionally, this contains several updates to the `package-lock.json` file as a result of running `npm audit fix`.
See #54727.
Built from https://develop.svn.wordpress.org/trunk@53113
git-svn-id: http://core.svn.wordpress.org/trunk@52702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so.
* Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads.
* Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled.
* For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`.
Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes#44632, #44306.
Built from https://develop.svn.wordpress.org/trunk@52132
git-svn-id: http://core.svn.wordpress.org/trunk@51724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto-generated.
This is a follow-up to [41271], which added the banner to minified CSS files.
Fixes#48424. See #30666.
Built from https://develop.svn.wordpress.org/trunk@46589
git-svn-id: http://core.svn.wordpress.org/trunk@46386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sets `screwIE8` to false as it is now enabled by default
Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js
Changelog:
2016-07-19 v2.0.0 Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19 v1.0.2 Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.
See #38199.
Built from https://develop.svn.wordpress.org/trunk@39117
git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
Built from https://develop.svn.wordpress.org/trunk@35761
git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.
Props pento, peterwilsoncc.
See #34698.
Built from https://develop.svn.wordpress.org/trunk@35708
git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.
Fixes#34462.
Built from https://develop.svn.wordpress.org/trunk@35437
git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd