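diff --git src/wp-includes/embed-functions.php src/wp-includes/embed-functions.php
index 2f430b5..7d61574 100644
--- a/src/wp-includes/embed-functions.php
+++ b/src/wp-includes/embed-functions.php
@@ -460,7 +460,7 @@ function get_post_embed_html( $post = null, $width, $height ) {
 
 $embed_url = get_post_embed_url( $post );
 
-$output = '<blockquote><a href="' . get_permalink( $post ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
+$output = '<blockquote class="wp-embedded-content"><a href="' . esc_url( get_permalink( $post ) ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
 
 $output .= "<script type='text/javascript'>\n";
 $output .= "<!--//--><![CDATA[//><!--\n";
@@ -754,7 +754,7 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 
 $allowed_html = array(
 'a' => array(
-'href' => true,
+'href' => true,
 ),
 'blockquote' => array(),
 'iframe' => array(
@@ -766,7 +766,6 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 'marginheight' => true,
 'scrolling' => true,
 'title' => true,
-'class' => true,
 ),
 );
 
@@ -782,9 +781,10 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 if ( ! empty( $content[1] ) ) {
 // We have a blockquote to fall back on. Hide the iframe by default.
 $html = str_replace( '<iframe', '<iframe style="display:none;"', $html );
+$html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
 }
 
-$html = str_replace( '<iframe', '<iframe sandbox="allow-scripts" security="restricted"', $html );
+$html = str_replace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
 
 preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results );
 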
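Review bot: Nothing in wp_filter_oembed_result records why `class` is dropped from the iframe allow-list (old line 769) while `class="wp-embedded-content"` is then injected by the two `str_replace` calls at new lines 784 and 787. Because wp-embed.js in this same change selects `iframe.wp-embedded-content` and `blockquote.wp-embedded-content`, the class appears to act as a marker that only core should set on filtered markup. A comment above the allow-list, for example `// 'class' is deliberately not accepted from providers; core adds wp-embedded-content below so wp-embed.js only acts on filtered embeds.`, would keep a later edit from re-allowing it. The function body starts and ends outside the hunks shown.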
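diff --git src/wp-includes/js/wp-embed-template.js src/wp-includes/js/wp-embed-template.js
index b1dc73a..cbada0d 100644
--- a/src/wp-includes/js/wp-embed-template.js
+++ b/src/wp-includes/js/wp-embed-template.js
@@ -1,9 +1,10 @@
 (function ( window, document ) {
 'use strict';
 
-var secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' ),
-supportedBrowser = ( document.querySelector && window.addEventListener ),
+var supportedBrowser = ( document.querySelector && window.addEventListener ),
 loaded = false,
+secret,
+secretTimeout,
 resizing;
 
 function sendEmbedMessage( message, value ) {
@@ -163,7 +164,25 @@
 }, 100 );
 }
 
+/**
+* Re-get the secret when it was added later on.
+*/
+function getSecret() {
+if ( window.self === window.top || !!secret ) {
+return;
+}
+
+secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' );
+
+clearTimeout( secretTimeout );
+
+secretTimeout = setTimeout( function () {
+getSecret();
+}, 100 );
+}
+
 if ( supportedBrowser ) {
+getSecret();
 document.documentElement.className = document.documentElement.className.replace( /\bno-js\b/, '' ) + ' js';
 document.addEventListener( 'DOMContentLoaded', onLoad, false );
 window.addEventListener( 'load', onLoad, false );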
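Review bot: In getSecret() (new line 175), `window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' )` returns the hash unchanged when the pattern does not match, so any non-empty fragment without a ten-character secret is stored as `secret` and the `!!secret` guard then stops further polling. Assigning only on a match avoids that: `var m = window.location.hash.match( /secret=([\d\w]{10})/ ); if ( m ) { secret = m[1]; }`. The timer is also re-armed after a successful read, so returning before `setTimeout` once `secret` is set would save the extra tick. The enclosing IIFE continues outside the hunk.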
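diff --git src/wp-includes/js/wp-embed.js src/wp-includes/js/wp-embed.js
index db1fe5b..6a16f17 100644
--- a/src/wp-includes/js/wp-embed.js
+++ b/src/wp-includes/js/wp-embed.js
@@ -64,17 +64,31 @@
 loaded = true;
 
 var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
-isIE11 = !!navigator.userAgent.match( /Trident.*rv\:11\./ ),
-iframes, iframeClone, i;
+isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
+iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+blockquotes = document.querySelectorAll( 'blockquote.wp-embedded-content' ),
+iframeClone, i, source, secret;
 
-/* Remove security attribute from iframes in IE10 and IE11. */
-if ( isIE10 || isIE11 ) {
-iframes = document.querySelectorAll( '.wp-embedded-content[security]' );
+for ( i = 0; i < blockquotes.length; i++ ) {
+blockquotes[ i ].style.display = 'none';
+}
+
+for ( i = 0; i < iframes.length; i++ ) {
+source = iframes[ i ];
+source.style.display = '';
+
+if ( !source.getAttribute( 'data-secret' ) ) {
+/* Add secret to iframe */
+secret = Math.random().toString( 36 ).substr( 2, 10 );
+source.src += '#?secret=' + secret;
+source.setAttribute( 'data-secret', secret );
+}
 
-for ( i = 0; i < iframes.length; i++ ) {
-iframeClone = iframes[ i ].cloneNode( true );
+/* Remove security attribute from iframes in IE10 and IE11. */
+if ( ( isIE10 || isIE11 ) && !!source.getAttribute( 'security' ) ) {
+iframeClone = source.cloneNode( true );
 iframeClone.removeAttribute( 'security' );
-iframes[ i ].parentNode.replaceChild( iframeClone, iframes[ i ] );
+source.parentNode.replaceChild( iframeClone, source );
 }
 }
 }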
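Review bot: The secret generated at new line 82 comes from `Math.random()`, which is not a cryptographic generator, and `toString( 36 ).substr( 2, 10 )` can return fewer than ten characters when the base-36 expansion is short. In that case the `{10}` pattern in wp-embed-template.js never matches. If the value is meant to tie messages to one iframe (its use is not visible in this hunk), it would be safer to draw it from `crypto.getRandomValues` where available and pad the fallback to a fixed length. The sketch below assumes `cryptoObj`, `bytes` and `j` are added to the existing `var` list; the enclosing function starts outside the hunk.

```javascript
// … unchanged: hide blockquotes, un-hide the iframe …
if ( !source.getAttribute( 'data-secret' ) ) {
	/* Add secret to iframe: always exactly 10 characters of [0-9a-z]. */
	secret = '';
	cryptoObj = window.crypto || window.msCrypto;

	if ( cryptoObj && cryptoObj.getRandomValues ) {
		bytes = cryptoObj.getRandomValues( new Uint8Array( 5 ) );
		for ( j = 0; j < bytes.length; j++ ) {
			secret += ( '0' + bytes[ j ].toString( 16 ) ).slice( -2 );
		}
	} else {
		/* Fallback for browsers without Web Crypto; not unpredictable. */
		while ( secret.length < 10 ) {
			secret += Math.random().toString( 36 ).substr( 2 );
		}
		secret = secret.substr( 0, 10 );
	}

	source.src += '#?secret=' + secret;
	source.setAttribute( 'data-secret', secret );
}
// … unchanged: IE10/IE11 security attribute removal …
```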
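diff --git tests/phpunit/tests/oembed/filterResult.php tests/phpunit/tests/oembed/filterResult.php
index 7559f62..643fc80 100644
--- a/tests/phpunit/tests/oembed/filterResult.php
+++ b/tests/phpunit/tests/oembed/filterResult.php
@@ -28,7 +28,7 @@ class Tests_Filter_oEmbed_Result extends WP_UnitTestCase {
 $html = '<div><iframe></iframe><iframe></iframe><p></p></div>';
 $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-$this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+$this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 }
 
 function test_filter_oembed_result_with_newlines() {
@@ -41,7 +41,7 @@ EOD;
 
 $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-$this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+$this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 }
 
 function test_filter_oembed_result_without_iframe() {
@@ -83,13 +83,13 @@ EOD;
 $html = '<blockquote></blockquote><iframe></iframe>';
 $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-$this->assertEquals( '<blockquote></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+$this->assertEquals( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
 }
 
 function test_filter_oembed_result_allowed_html() {
-$html = '<blockquote><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
+$html = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
 $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-$this->assertEquals( '<blockquote><a href=""></a></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+$this->assertEquals( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
 }
 }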
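Review bot: No test here covers the removal of `class` from the iframe allow-list. test_filter_oembed_result_allowed_html (new line 90) puts `class="foo" id="bar"` only on the blockquote, and every iframe in the fixtures is attribute-free. A case with provider-supplied attributes on the iframe, for example `$html = '<blockquote></blockquote><iframe class="foo" id="bar"></iframe>';`, would pin that those attributes are stripped and that the output carries exactly one `class="wp-embedded-content"`. The expected string should be confirmed by running the filter, since the attribute handling happens outside the lines shown.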