Ticket #29539: 29539.2.patch
File 29539.2.patch, 1.7 KB (added by , 8 years ago) |
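--- a/src/wp-admin/css/common.css
+++ b/src/wp-admin/css/common.css
@@ -2817,6 +2817,10 @@
 border: 1px solid #ccc;
 }
 
+#plugin-information iframe {
+max-width: 100%;
+}
+
 /* rtl:ignore */
 #plugin-information .review {
 overflow: hidden; /* clearfix */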
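--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -482,7 +482,8 @@
 'div' => array( 'class' => array() ), 'span' => array( 'class' => array() ),
 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
 'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(),
-'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() )
+'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() ),
+'iframe' => array( 'src' => true, 'title' => true, 'allowfullscreen' => true, 'class' => true, 'width' => true, 'height' => true, 'type' => true )
 );
 
 $plugins_section_titles = array(
@@ -497,7 +498,8 @@
 
 // Sanitize HTML
 foreach ( (array) $api->sections as $section_name => $content ) {
-$api->sections[$section_name] = wp_kses( $content, $plugins_allowedtags );
+$content = wp_kses( $content, $plugins_allowedtags );
+$api->sections[ $section_name ] = str_replace( '<iframe', '<iframe sandbox="allow-scripts allow-same-origin" security="restricted"', $content );
 }
 
 foreach ( array( 'version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug' ) as $key ) {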
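Review bot: The sandbox attribute in the second hunk is attached with a case-sensitive `str_replace( '<iframe', … )`, so it only reaches tags spelled exactly that way; unless wp_kses() lower-cases element names (not visible here), a differently cased tag in the API response would be kept without `sandbox`, and `str_ireplace( '<iframe', '<iframe sandbox="allow-scripts allow-same-origin" security="restricted"', $content )` closes that gap. Separately, the new `'iframe'` entry in `$plugins_allowedtags` accepts any `src`, and `allow-scripts` together with `allow-same-origin` gives no isolation when the framed document shares the admin's origin, so the `src` host should be checked against an allowlist of expected embed providers before the tag is kept. `'type' => true` does not appear to be needed for an iframe and could be dropped. The enclosing function starts and ends outside both hunks.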