Ticket #29539: 29539.2.patch

src/wp-admin/css/common.css

@@ -2817 +2817 @@
         border: 1px solid #ccc;
 }
 
+#plugin-information iframe {
+        max-width: 100%;
+}
+
 /* rtl:ignore */
 #plugin-information .review {
         overflow: hidden; /* clearfix */

src/wp-admin/includes/plugin-install.php

@@ -482 +482 @@
                 'div' => array( 'class' => array() ), 'span' => array( 'class' => array() ),
                 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
                 'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(),
-                'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() )
+                'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() ),
+                'iframe' => array( 'src' => true, 'title' => true, 'allowfullscreen' => true, 'class' => true, 'width' => true, 'height' => true, 'type' => true )
         );
 
         $plugins_section_titles = array(
@@ -497 +498 @@
 
         // Sanitize HTML
         foreach ( (array) $api->sections as $section_name => $content ) {
-                $api->sections[$section_name] = wp_kses( $content, $plugins_allowedtags );
+                $content = wp_kses( $content, $plugins_allowedtags );
+                $api->sections[ $section_name ] = str_replace( '<iframe', '<iframe sandbox="allow-scripts allow-same-origin" security="restricted"', $content );
         }
 
         foreach ( array( 'version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug' ) as $key ) {