Changeset 56383
- Timestamp:
- 08/10/2023 07:47:08 PM (18 months ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Gruntfile.js
r56247 r56383 765 765 '!wp-admin/js/farbtastic.js', 766 766 '!wp-includes/js/swfobject.js', 767 '!wp-includes/js/wp-embed.js' // We have extra options for this, see uglify:embed. 768 ] 769 }, 770 embed: { 771 options: { 772 compress: { 773 conditionals: false 774 } 775 }, 776 expand: true, 777 cwd: WORKING_DIR, 778 dest: WORKING_DIR, 779 ext: '.min.js', 780 src: ['wp-includes/js/wp-embed.js'] 767 ] 781 768 }, 782 769 'jquery-ui': { … … 1462 1449 grunt.registerTask( 'uglify:all', [ 1463 1450 'uglify:core', 1464 'uglify:embed',1465 1451 'uglify:jquery-ui', 1466 1452 'uglify:imgareaselect', … … 1508 1494 */ 1509 1495 grunt.registerTask( 'verify:build', [ 1510 'verify:wp-embed',1511 1496 'verify:old-files', 1512 1497 'verify:source-maps', 1513 1498 ] ); 1514 1515 /**1516 * Build assertions for wp-embed.min.js.1517 *1518 * @ticket 346981519 */1520 grunt.registerTask( 'verify:wp-embed', function() {1521 const file = `${ BUILD_DIR }/wp-includes/js/wp-embed.min.js`;1522 1523 assert(1524 fs.existsSync( file ),1525 'The build/wp-includes/js/wp-embed.min.js file does not exist.'1526 );1527 1528 const contents = fs.readFileSync( file, {1529 encoding: 'utf8',1530 } );1531 1532 assert(1533 contents.length > 0,1534 'The build/wp-includes/js/wp-embed.min.js file must not be empty.'1535 );1536 assert(1537 false === contents.includes( '&' ),1538 'The build/wp-includes/js/wp-embed.min.js file must not contain ampersands.'1539 );1540 } );1541 1499 1542 1500 /** -
trunk/src/js/_enqueues/wp/embed.js
r55763 r56383 5 5 * @output wp-includes/js/wp-embed.js 6 6 * 7 * This file cannot have ampersands in it. This is to ensure 8 * it can be embedded in older versions of WordPress. 9 * See https://core.trac.wordpress.org/changeset/35708. 7 * Single line comments should not be used since they will break 8 * the script when inlined in get_post_embed_html(), specifically 9 * when the comments are not stripped out due to SCRIPT_DEBUG 10 * being turned on. 10 11 */ 11 12 (function ( window, document ) { 12 13 'use strict'; 13 14 14 var supportedBrowser = false, 15 loaded = false; 16 17 if ( document.querySelector ) { 18 if ( window.addEventListener ) { 19 supportedBrowser = true; 20 } 21 } 15 /* Abort for ancient browsers. */ 16 if ( ! document.querySelector || ! window.addEventListener || typeof URL === 'undefined' ) { 17 return; 18 } 22 19 23 20 /** @namespace wp */ 24 21 window.wp = window.wp || {}; 25 22 23 /* Abort if script was already executed. */ 26 24 if ( !! window.wp.receiveEmbedMessage ) { 27 25 return; … … 36 34 var data = e.data; 37 35 38 if ( ! data ) { 39 return; 40 } 41 42 if ( ! ( data.secret || data.message || data.value ) ) { 43 return; 44 } 45 46 if ( /[^a-zA-Z0-9]/.test( data.secret ) ) { 36 /* Verify shape of message. */ 37 if ( 38 ! ( data || data.secret || data.message || data.value ) || 39 /[^a-zA-Z0-9]/.test( data.secret ) 40 ) { 47 41 return; 48 42 } … … 66 60 source.removeAttribute( 'style' ); 67 61 68 /* Resize the iframe on request. */69 62 if ( 'height' === data.message ) { 63 /* Resize the iframe on request. */ 70 64 height = parseInt( data.value, 10 ); 71 65 if ( height > 1000 ) { … … 76 70 77 71 source.height = height; 78 } 72 } else if ( 'link' === data.message ) { 73 /* Link to a specific URL on request. */ 74 sourceURL = new URL( source.getAttribute( 'src' ) ); 75 targetURL = new URL( data.value ); 79 76 80 /* Link to a specific URL on request. */ 81 if ( 'link' === data.message ) { 82 sourceURL = document.createElement( 'a' ); 83 targetURL = document.createElement( 'a' ); 84 85 sourceURL.href = source.getAttribute( 'src' ); 86 targetURL.href = data.value; 87 88 /* Only follow link if the protocol is in the allow list. */ 89 if ( ! allowedProtocols.test( targetURL.protocol ) ) { 90 continue; 91 } 92 93 /* Only continue if link hostname matches iframe's hostname. */ 94 if ( targetURL.host === sourceURL.host ) { 95 if ( document.activeElement === source ) { 96 window.top.location.href = data.value; 97 } 77 if ( 78 allowedProtocols.test( targetURL.protocol ) && 79 targetURL.host === sourceURL.host && 80 document.activeElement === source 81 ) { 82 window.top.location.href = data.value; 98 83 } 99 84 } … … 102 87 103 88 function onLoad() { 104 if ( loaded ) { 105 return; 106 } 107 108 loaded = true; 109 110 var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ), 111 isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ), 112 iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ), 113 iframeClone, i, source, secret; 89 var iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ), 90 i, source, secret; 114 91 115 92 for ( i = 0; i < iframes.length; i++ ) { … … 120 97 if ( ! secret ) { 121 98 /* Add secret to iframe */ 122 secret = Math.random().toString( 36 ).substr ( 2, 10);99 secret = Math.random().toString( 36 ).substring( 2, 12 ); 123 100 source.src += '#?secret=' + secret; 124 101 source.setAttribute( 'data-secret', secret ); 125 }126 127 /* Remove security attribute from iframes in IE10 and IE11. */128 if ( ( isIE10 || isIE11 ) ) {129 iframeClone = source.cloneNode( true );130 iframeClone.removeAttribute( 'security' );131 source.parentNode.replaceChild( iframeClone, source );132 102 } 133 103 … … 144 114 } 145 115 146 if ( supportedBrowser ) { 147 window.addEventListener( 'message', window.wp.receiveEmbedMessage, false ); 148 document.addEventListener( 'DOMContentLoaded', onLoad, false ); 149 window.addEventListener( 'load', onLoad, false ); 150 } 116 window.addEventListener( 'message', window.wp.receiveEmbedMessage, false ); 117 document.addEventListener( 'DOMContentLoaded', onLoad, false ); 151 118 })( window, document ); -
trunk/tests/phpunit/tests/oembed/template.php
r52978 r56383 344 344 $this->assertFalse( $scripts->query( 'wp-embed', 'enqueued' ) ); 345 345 } 346 347 /**348 * Confirms that no ampersands exist in src/wp-includes/js/wp-embed.js.349 *350 * See also the `verify:wp-embed` Grunt task for verifying the built file.351 *352 * @ticket 34698353 */354 public function test_js_no_ampersands() {355 $this->assertStringNotContainsString( '&', file_get_contents( ABSPATH . WPINC . '/js/wp-embed.js' ) );356 }357 346 }
Note: See TracChangeset
for help on using the changeset viewer.