WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#26174 closed defect (bug) (fixed)

Customizer postMessage listener throws errors if it encounters a non-JSON string

Reported by: mattwiebe Owned by:
Milestone: 3.8 Priority: normal
Severity: normal Version:
Component: Customize Keywords: has-patch commit
Focuses: Cc:

Description

Our postMessage listener in wp-includes/js/customize-base.js assumes that every possible postMessage message that comes in from the same domain as the Customizer must have an event.data property that is 1) a string and 2) a good candidate for JSON.parse.

Both of these assumptions are faulty, since 1) non-IE browsers can pass objects, not just strings, and 2) sending a string that can't be JSON.parse'd is a perfectly valid thing to do. As more things start to use postMessage, this will get us into more trouble. (In this case it's Google+ Follow embeds, which receive "lovely" strings like "!_{h:'I0_1385142794503'}" which JSON.parse of course chokes on.

Patch included.

Attachments (1)

postmessage-check.diff (537 bytes) - added by mattwiebe 7 years ago.

Download all attachments as: .zip

Change History (3)

#1 @nacin
7 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.8

#2 @nacin
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Bad paste. Fixed in [26542].

Note: See TracTickets for help on using tickets.