Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-09 04:11:10 +01:00
Code Issues Projects Releases Wiki Activity
32,827 Commits 50 Branches 747 Tags 791 MiB
ce18aadc7b
Commit Graph

3 Commits

Author SHA1 Message Date
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances. 
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-03 20:17:25 +00:00
Dominik Schilling
22fe87c3b3 Build: Update source for includes:embed after [35718]. 
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-20 15:37:26 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes. 
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-20 07:24:30 +00:00