Changeset 55790 for branches/5.1/src/js/_enqueues/wp/embed.js
- Timestamp:
- 05/16/2023 04:01:50 PM (11 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.1/src/js/_enqueues/wp/embed.js
r43597 r55790 45 45 var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ), 46 46 blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ), 47 allowedProtocols = new RegExp( '^https?:$', 'i' ), 47 48 i, source, height, sourceURL, targetURL; 48 49 … … 79 80 sourceURL.href = source.getAttribute( 'src' ); 80 81 targetURL.href = data.value; 82 83 /* Only follow link if the protocol is in the allow list. */ 84 if ( ! allowedProtocols.test( targetURL.protocol ) ) { 85 continue; 86 } 81 87 82 88 /* Only continue if link hostname matches iframe's hostname. */
Note: See TracChangeset
for help on using the changeset viewer.