Ticket #29539: 29539.2.patch

File 29539.2.patch, 1.7 KB (added by ocean90, 4 years ago)
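--- a/src/wp-admin/css/common.css
+++ b/src/wp-admin/css/common.css
@@ -2817,6 +2817,10 @@
         border: 1px solid #ccc;
 }
 
+#plugin-information iframe {
+        max-width: 100%;
+}
+
 /* rtl:ignore */
 #plugin-information .review {
         overflow: hidden; /* clearfix */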
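--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -482,7 +482,8 @@
                 'div' => array( 'class' => array() ), 'span' => array( 'class' => array() ),
                 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
                 'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(),
-                'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() )
+                'img' => array( 'src' => array(), 'class' => array(), 'alt' => array() ),
+                'iframe' => array( 'src' => true, 'title' => true, 'allowfullscreen' => true, 'class' => true, 'width' => true, 'height' => true, 'type' => true )
         );
 
         $plugins_section_titles = array(
@@ -497,7 +498,8 @@
 
         // Sanitize HTML
         foreach ( (array) $api->sections as $section_name => $content ) {
-                $api->sections[$section_name] = wp_kses( $content, $plugins_allowedtags );
+                $content = wp_kses( $content, $plugins_allowedtags );
+                $api->sections[ $section_name ] = str_replace( '<iframe', '<iframe sandbox="allow-scripts allow-same-origin" security="restricted"', $content );
         }
 
         foreach ( array( 'version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug' ) as $key ) {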
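Review bot: The `str_replace( '<iframe', … )` call in the sanitize loop is case-sensitive, so the sandbox attribute is injected only when the tag is spelled in lower case; if `wp_kses()` keeps the tag's original case, an `<IFRAME …>` in a section would be output without it, and `str_ireplace( '<iframe', … )` closes that gap. Separately, `allow-scripts` combined with `allow-same-origin` lets a framed document that shares the admin page's origin remove its own sandbox, and the new `'iframe'` entry does not limit `src` to particular hosts, so consider dropping `allow-same-origin` or checking the `src` host against an allowlist before output. A one-line comment above the replacement would also help, e.g. `// Force sandboxing on every allowed iframe; 'sandbox' is deliberately not in $plugins_allowedtags so section content cannot set it.` The enclosing function starts and ends outside these hunks.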