Make WordPress Core


Ignore:
Timestamp:
11/11/2021 02:47:10 AM (3 years ago)
Author:
westonruter
Message:

Embeds: Conditionally enqueue wp-embed only if needed and send ready message in case script loads after post embed windows.

  • Prevent loading wp-embed script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The wp-embed script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via remove_action( 'wp_head', 'wp_oembed_add_host_js' ) will continue to do so.
  • Send a ready message from the host page to each post embed window in case the iframe loads before the wp-embed script does. When the ready message is received by the post embed window, it sends the same height message as it sends when it loads.
  • Eliminate use of grunt-include to inject emoji script and the post embed script. Instead obtain the script contents via file_get_contents() (as is done elsewhere in core) and utilize wp_print_inline_script_tag()/wp_get_inline_script_tag() to construct out the script. This simplifies the logic and allows the running of src without SCRIPT_DEBUG enabled.
  • For the embed code that users are provided to copy for embedding outside of WP, add the secret on the blockquote and iframe. This ensures the blockquote will be hidden when the iframe loads. The embed code in question is accessed here via get_post_embed_html().

Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes #44632, #44306.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/oembed/getResponseData.php

    r52010 r52132  
    1111        // `get_post_embed_html()` assumes `wp-includes/js/wp-embed.js` is present:
    1212        self::touch( ABSPATH . WPINC . '/js/wp-embed.js' );
     13    }
     14
     15    private function normalize_secret_attribute( $data ) {
     16        if ( is_array( $data ) ) {
     17            $html = $data['html'];
     18        } else {
     19            $html = $data;
     20        }
     21
     22        $html = preg_replace( '/secret=("?)\w+\1/', 'secret=__SECRET__', $html );
     23
     24        if ( is_array( $data ) ) {
     25            $data['html'] = $html;
     26        } else {
     27            $data = $html;
     28        }
     29
     30        return $data;
    1331    }
    1432
     
    3755                'width'         => 400,
    3856                'height'        => 225,
    39                 'html'          => get_post_embed_html( 400, 225, $post ),
     57                'html'          => $this->normalize_secret_attribute( get_post_embed_html( 400, 225, $post ) ),
    4058            ),
    41             $data
     59            $this->normalize_secret_attribute( $data )
    4260        );
    4361    }
     
    7391                'width'         => 400,
    7492                'height'        => 225,
    75                 'html'          => get_post_embed_html( 400, 225, $post ),
     93                'html'          => $this->normalize_secret_attribute( get_post_embed_html( 400, 225, $post ) ),
    7694            ),
    77             $data
     95            $this->normalize_secret_attribute( $data )
    7896        );
    7997    }
Note: See TracChangeset for help on using the changeset viewer.