WordPress.org
Get WordPress

Make WordPress Core

Changeset 35478


Ignore:
Timestamp:
10/31/2015 08:38:07 PM (8 years ago)
Author:
wonderboymusic
Message:

WP oEmbed: Improve height attribute sanitization

Props afercia, swissspidy.
Fixes #34527.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/js/wp-embed.js

    r35466 r35478  
    3232            /* Resize the iframe on request. */
    3333            if ( 'height' === data.message ) {
    34                 height = data.value;
     34                height = parseInt( data.value, 10 );
    3535                if ( height > 1000 ) {
    3636                    height = 1000;
    37                 } else if ( height < 200 ) {
     37                } else if ( ~~height < 200 ) {
    3838                    height = 200;
    3939                }
    4040
    41                 source.height = (height) + 'px';
     41                source.height = height;
    4242            }
    4343
Note: See TracChangeset for help on using the changeset viewer.