WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #28195, comment 7


Ignore:
Timestamp:
05/11/14 22:57:16 (4 years ago)
Author:
azaozz
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #28195, comment 7

    initial v1  
    1 This looks fun but don't think it will work in its current form. Appending arbitrary JS that comes with the embeds in the editor is (very) undesirable. 
     1This looks fun but don't think it will work well in its current form. Appending arbitrary JS that comes with the embeds in the editor is (very) undesirable. 
    22 
    33If the embed is "insulated" in an iframe, all seems good as long as it doesn't touch anything outside the iframe (for example youtube). However when the embed is not insulated, the included JS would affect the editor in unpredictable ways. Don't think this is much of a security concern (we trust the providers). Rather that JS is intended for the front-end and would manipulate the DOM, attach events, etc. outside of the "wrapper" element. For example embedding a tweet appends an `<iframe id="rufous-sandbox" style="display: none;"...` to the editor body.