Changeset 35577


Timestamp:
11/09/2015 12:07:03 AM (5 years ago)
Author:
pento
Message:

Embeds: Fix support for embedding in non-WordPress sites.

This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.

Props swissspidy.

Fixes #34451.

Location:
trunk
Files:
4 edited

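--- a/trunk/src/wp-includes/embed-functions.php
+++ b/trunk/src/wp-includes/embed-functions.php
@@ -461,5 +461,5 @@
     $embed_url = get_post_embed_url( $post );
 
-    $output = '<blockquote><a href="' . get_permalink( $post ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
+    $output = '<blockquote class="wp-embedded-content"><a href="' . esc_url( get_permalink( $post ) ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
 
     $output .= "<script type='text/javascript'>\n";
@@ -755,5 +755,5 @@
     $allowed_html = array(
         'a'          => array(
-                    'href' => true,
+            'href'        => true,
         ),
         'blockquote' => array(),
@@ -767,5 +767,4 @@
             'scrolling'    => true,
             'title'        => true,
-            'class'        => true,
         ),
     );
@@ -783,7 +782,8 @@
         // We have a blockquote to fall back on. Hide the iframe by default.
         $html = str_replace( '<iframe', '<iframe style="display:none;"', $html );
-    }
-
-    $html = str_replace( '<iframe', '<iframe sandbox="allow-scripts" security="restricted"', $html );
+        $html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
+    }
+
+    $html = str_replace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
 
     preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results );
@@ -957,4 +957,4 @@
  */
 function _oembed_filter_feed_content( $content ) {
-    return str_replace( '<iframe sandbox="allow-scripts" security="restricted" style="display:none;"', '<iframe sandbox="allow-scripts" security="restricted"', $content );
-}
+    return str_replace( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $content );
+}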
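Review bot: On new line 463 only the href is escaped; `get_the_title( $post )` is still concatenated raw into the blockquote, and this markup is what gets pasted into third-party sites as embed code. Whether a title can carry markup at this point depends on filters and author capabilities that are not visible in the hunk, so either escape it, `'">' . esc_html( get_the_title( $post ) ) . "</a></blockquote>\n"`, or add a comment stating why raw output is intended here. The enclosing function starts and ends outside the hunk.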
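--- a/trunk/src/wp-includes/js/wp-embed-template.js
+++ b/trunk/src/wp-includes/js/wp-embed-template.js
@@ -2,7 +2,8 @@
     'use strict';
 
-    var secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' ),
-        supportedBrowser = ( document.querySelector && window.addEventListener ),
+    var supportedBrowser = ( document.querySelector && window.addEventListener ),
         loaded = false,
+        secret,
+        secretTimeout,
         resizing;
 
@@ -178,5 +179,23 @@
     }
 
+    /**
+     * Re-get the secret when it was added later on.
+     */
+    function getSecret() {
+        if ( window.self === window.top || !!secret ) {
+            return;
+        }
+
+        secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' );
+
+        clearTimeout( secretTimeout );
+
+        secretTimeout = setTimeout( function () {
+            getSecret();
+        }, 100 );
+    }
+
     if ( supportedBrowser ) {
+        getSecret();
         document.documentElement.className = document.documentElement.className.replace( /\bno-js\b/, '' ) + ' js';
         document.addEventListener( 'DOMContentLoaded', onLoad, false );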
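Review bot: In getSecret() (new lines 184–196) a hash that does not match the pattern is stored as the secret, because `String.replace` returns its input unchanged when nothing matches. Any non-empty hash without a 10-character secret therefore becomes a truthy `secret`, and the `!!secret` guard then stops polling for good. Assign only on a match, e.g. `var m = window.location.hash.match( /secret=(\w{10})/ ); if ( m ) { secret = m[1]; }` (`\d` is already covered by `\w`). The timeout is also re-armed after a successful read; returning right after the assignment would avoid that extra tick.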
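--- a/trunk/src/wp-includes/js/wp-embed.js
+++ b/trunk/src/wp-includes/js/wp-embed.js
@@ -65,15 +65,29 @@
 
         var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
-            isIE11 = !!navigator.userAgent.match( /Trident.*rv\:11\./ ),
-            iframes, iframeClone, i;
+            isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
+            iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+            blockquotes = document.querySelectorAll( 'blockquote.wp-embedded-content' ),
+            iframeClone, i, source, secret;
 
-        /* Remove security attribute from iframes in IE10 and IE11. */
-        if ( isIE10 || isIE11 ) {
-            iframes = document.querySelectorAll( '.wp-embedded-content[security]' );
+        for ( i = 0; i < blockquotes.length; i++ ) {
+            blockquotes[ i ].style.display = 'none';
+        }
 
-            for ( i = 0; i < iframes.length; i++ ) {
-                iframeClone = iframes[ i ].cloneNode( true );
+        for ( i = 0; i < iframes.length; i++ ) {
+            source = iframes[ i ];
+            source.style.display = '';
+
+            if ( !source.getAttribute( 'data-secret' ) ) {
+                /* Add secret to iframe */
+                secret = Math.random().toString( 36 ).substr( 2, 10 );
+                source.src += '#?secret=' + secret;
+                source.setAttribute( 'data-secret', secret );
+            }
+
+            /* Remove security attribute from iframes in IE10 and IE11. */
+            if ( ( isIE10 || isIE11 ) && !!source.getAttribute( 'security' ) ) {
+                iframeClone = source.cloneNode( true );
                 iframeClone.removeAttribute( 'security' );
-                iframes[ i ].parentNode.replaceChild( iframeClone, iframes[ i ] );
+                source.parentNode.replaceChild( iframeClone, source );
             }
         }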
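Review bot: The secret on new line 82 comes from `Math.random()`, which is not a cryptographic source, and `toString( 36 ).substr( 2, 10 )` can yield fewer than 10 characters, while wp-embed-template.js in this changeset only accepts exactly 10 (`[\d\w]{10}`). If the secret is what lets the parent attribute messages to a specific iframe (inferred from the commit message; the message handler is outside this hunk), a short value leaves that iframe without a usable secret. Consider filling it from `window.crypto.getRandomValues` where available and regenerating or padding until the length is 10. The enclosing function starts and ends outside the hunk.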
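--- a/trunk/tests/phpunit/tests/oembed/filterResult.php
+++ b/trunk/tests/phpunit/tests/oembed/filterResult.php
@@ -29,5 +29,5 @@
         $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-        $this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+        $this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
     }
 
@@ -42,5 +42,5 @@
         $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-        $this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+        $this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
     }
 
@@ -84,12 +84,22 @@
         $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-        $this->assertEquals( '<blockquote></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+        $this->assertEquals( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
     }
 
     function test_filter_oembed_result_allowed_html() {
-        $html   = '<blockquote><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
+        $html   = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
         $actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-        $this->assertEquals( '<blockquote><a href=""></a></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+        $this->assertEquals( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+    }
+
+    /**
+     * @group feed
+     */
+    function test_filter_feed_content() {
+        $html   = '<blockquote></blockquote><iframe></iframe>';
+        $actual = _oembed_filter_feed_content( wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' ) );
+
+        $this->assertEquals( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
     }
 }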
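Review bot: test_filter_oembed_result_allowed_html (new lines 89–94) puts the extra attributes only on the blockquote, so nothing covers provider-supplied attributes on the iframe. This changeset also drops `'class' => true` from what looks like the iframe allow-list, and it prepends `class` and `sandbox` to the iframe by string replacement. A case with input such as `<iframe class="foo" sandbox="allow-same-origin"></iframe>` (constructed sample) should assert that the output carries only the injected `class="wp-embedded-content" sandbox="allow-scripts"`. That would pin that provider-supplied values can neither survive nor duplicate the injected ones. Whether `sandbox` is itself on the allow-list is not visible in this diff.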