WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#23961 closed defect (bug) (fixed)

Video / Audio embed codes are not saved

Reported by: ThemePrince Owned by:
Milestone: 3.6 Priority: normal
Severity: major Version: 3.6
Component: Post Formats Keywords: has-patch
Focuses: Cc:
PR Number:

Description

WordPress 3.6-beta1

If you paste a youtube or soundcloud embed code (iframe) into a video or audio post format they won't be saved.

Attachments (1)

23961.diff (2.3 KB) - added by wonderboymusic 7 years ago.

Download all attachments as: .zip

Change History (13)

#1 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 3.6

Confirmed.

#2 @Anderton
7 years ago

Confirmed.
Also. Pasting Embed code snippet from Vimeo and Metacafe (and others) in the Video Post Format »Video embed code or URL« field and hitting save (or update) will strip everything except links and wrap them in a P-tag.

http://f.cl.ly/items/0H0G1a1I2t2E1E0z2s24/video-post-format-wp36b1.jpg

#3 follow-up: @ocean90
7 years ago

I'm not sure if we should allow to paste embed codes here too. Could be a potential security risk, since we have to disable the unfiltered_html cap for the field, which is currently not the case, see above comment.

#4 in reply to: ↑ 3 @c3mdigital
7 years ago

Replying to ocean90:

I'm not sure if we should allow to paste embed codes here too. Could be a potential security risk, since we have to disable the unfiltered_html cap for the field, which is currently not the case, see above comment.

+1 Maybe we should change this to a text input and change the label to read "Video URL"

#5 @wonderboymusic
7 years ago

we can check for the cap and show an error if someone without that priv tries to save, but I don't think we should block everyone

@wonderboymusic
7 years ago

#6 @wonderboymusic
7 years ago

  • Keywords has-patch added; needs-patch removed

KSES was blowing this up, and will continue to blow it up for users without the 'unflitered_html' cap. I found precedence for the if / else here: https://core.trac.wordpress.org/browser/trunk/wp-includes/default-widgets.php#L410

#7 @kovshenin
7 years ago

If we want to support embed codes for folks without unfiltered_html we should do "embed reversals" that would convert an embed code to a shortcode, (or [embed]) during pre_kses, or leave it up to plugins. Some shortcodes bundled with Jetpack already do this.

#8 @markjaquith
7 years ago

I've done "embed reversals" before, as well. Converts them to their shortcode equivalent. A nice way of allowing limited potentially-dangerous code by funneling it back to a whitelisted output method.

Might be nice to support this in core for the OEmbed providers we support, but making those regexes isn't exactly trivial. They can be a pain, especially when the embed code varies in subtle ways that you can't always predict.

#9 @markjaquith
7 years ago

In 23985:

Only say we accept a raw video/audio embed code for unfiltered_html users.

props wonderboymusic. see #23961

#10 @wonderboymusic
7 years ago

  • Keywords close added; has-patch removed

#11 @wonderboymusic
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I marked this "close" 6 days ago, crickets since then - new tickets, please

#12 @SergeyBiryukov
6 years ago

  • Keywords has-patch added; close removed
Note: See TracTickets for help on using tickets.