Index: wp-includes/js/wp-embed.js
===================================================================
--- wp-includes/js/wp-embed.js	(revision 35756)
+++ wp-includes/js/wp-embed.js	(working copy)
@@ -17,13 +17,18 @@
 	}
 
 	window.wp.receiveEmbedMessage = function( e ) {
-		var data = e.data;
+		var data = e.data, secret;
 		if ( ! ( data.secret || data.message || data.value ) ) {
 			return;
 		}
 
-		var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
-			blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
+		secret = data.secret.replace( /[^a-zA-Z0-9]/g, '' );
+		if ( secret !== data.secret ) {
+			return;
+		}
+
+		var iframes = document.querySelectorAll( 'iframe[data-secret="' + secret + '"]' ),
+			blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + secret + '"]' ),
 			i, source, height, sourceURL, targetURL;
 
 		for ( i = 0; i < blockquotes.length; i++ ) {