Opened 12 years ago
Closed 12 years ago
#18726 closed defect (bug) (fixed)
Automatic excerpt shows javascript source
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 3.3 | Priority: | normal |
Severity: | normal | Version: | 1.2 |
Component: | General | Keywords: | easy-fix has-patch |
Focuses: | | Cc: | |
Description
If a post contains a Javascript embed, the_excerpt removes the iframe and the <script> tags but returns the Javascript source.
As more web services are using Javascript to make their embeds HTML5/mobile-compatible, this will probably become a more common problem.
To reproduce:
- Publish a post with this content:
<iframe class="scribd_iframe_embed" src="http://www.scribd.com/embeds/65703182/content?start_page=1&view_mode=slideshow&access_key=key-1w596jxtzrcyu6cv72h7" data-auto-height="true" data-aspect-ratio="1.33333333333333" scrolling="no" id="doc_67442" width="100%" height="600" frameborder="0"></iframe><script type="text/javascript">(function() { var scribd = document.createElement("script"); scribd.type = "text/javascript"; scribd.async = true; scribd.src = "http://www.scribd.com/javascripts/embed_code/inject.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(scribd, s); })();</script>
- View the post's automatic excerpt, such as in a search
- The post's body will be:
(function() { var scribd = document.createElement("script"); scribd.type = "text/javascript"; scribd.async = true; scribd.src = "http://www.scribd.com/javascripts/embed_code/inject.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(scribd, s); })();
Attachments (2)
Change History (11)
#2 @ 12 years ago
We have wp_strip_all_tags() which is supposed to strip the contents of script and style tags, which is also used by wp_html_excerpt().
#5 @ 12 years ago
- Keywords easy-fix added
Probably a good example to introduce "easy-fix" tag for new contributors, as suggested by Jane.
#6 follow-up: ↓ 7 @ 12 years ago
- Keywords has-patch added; needs-patch removed
Confirmed wp_strip_all_tags removes the script source, example in 18726.diff.
#7 in reply to: ↑ 6 @ 12 years ago
Replying to evansolomon:
> Confirmed wp_strip_all_tags removes the script source, example in 18726.diff.
Instead, let's go into wp_trim_words() and change the strip_tags() call to wp_strip_all_tags().
Confirmed that strip_tags() won't remove <script> content.
We could strip out script and style tags via preg_replace in the new wp_trim_words() function ([18732]) before running strip_tags().
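
The difference discussed in this thread, as an added example (not WordPress core code and not the attached 18726.diff): an excerpt built with strip_tags() alone next to one that removes script and style elements, contents included, with preg_replace before strip_tags(). The `demo_*` helper names, the regular expression and the sample post are assumptions constructed for this illustration.

```php
<?php
// Added example: hypothetical demo_* helpers, not WordPress core code.

// Constructed sample post body: iframe embed plus inline loader script.
$post = '<p>Quarterly report attached.</p>'
      . '<iframe src="https://embeds.example/doc/1" width="100%"></iframe>'
      . '<script type="text/javascript">(function() { var s = document.createElement("script"); '
      . 's.src = "https://embeds.example/inject.js"; document.head.appendChild(s); })();</script>'
      . '<style>.doc { border: 0; }</style>'
      . '<p>Summary follows below.</p>';

// Behaviour reported in the ticket: strip_tags() drops the tags but keeps
// the text between <script>...</script> and <style>...</style>.
function demo_excerpt_strip_tags(string $html, int $num_words = 55): string
{
    return demo_trim_words(strip_tags($html), $num_words);
}

// Approach proposed in the thread: remove script/style elements together
// with their contents via preg_replace(), then run strip_tags() on the rest.
function demo_excerpt_strip_all(string $html, int $num_words = 55): string
{
    $text = preg_replace('@<(script|style)\b[^>]*>.*?</\1\s*>@si', ' ', $html);
    // preg_replace() returns null on a PCRE error; the cast then yields an
    // empty excerpt instead of falling back to the unfiltered markup.
    return demo_trim_words(strip_tags((string) $text), $num_words);
}

// Collapse whitespace and keep the first $num_words words.
function demo_trim_words(string $text, int $num_words): string
{
    $words = preg_split('/\s+/', trim($text), -1, PREG_SPLIT_NO_EMPTY);
    $more  = count($words) > $num_words ? ' [...]' : '';
    return implode(' ', array_slice($words, 0, $num_words)) . $more;
}

$leaky = demo_excerpt_strip_tags($post);
$clean = demo_excerpt_strip_all($post);

echo "strip_tags only:    $leaky\n";
echo "script/style first: $clean\n";

// Regression-style check: the embed loader source must not reach the excerpt.
if (strpos($clean, 'createElement') !== false) {
    throw new RuntimeException('script source leaked into excerpt');
}
```

The pattern only matches elements that have a closing tag, so an unclosed `<script>` still leaves its text behind after strip_tags().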