Opened 4 years ago

Closed 4 years ago

#34527 closed defect (bug) (fixed)

WP oEmbed: Improve height attribute sanitization

Reported by: afercia
Owned by: wonderboymusic
Milestone: 4.4
Priority: normal
Severity: normal
Version: 4.4
Component: Embeds
Keywords: has-screenshots has-patch commit
Focuses: ui, javascript
Cc:
PR Number:

Description

The iframe height attribute value should be a number; there is no need for a unit of measure (it is not an inline style attribute). See the JS for the height calculation in wp-embed.js.

https://cldup.com/ToEPfmhqdK.png

Attachments (3)

34527.patch (380 bytes) - added by afercia 4 years ago.
34527.2.patch (625 bytes) - added by swissspidy 4 years ago.
34527.3.patch (610 bytes) - added by swissspidy 4 years ago.


Change History (7)

#1 @afercia
4 years ago

  • Keywords has-patch added; needs-patch removed

#2 @swissspidy
4 years ago

Introduced back in August, see https://github.com/swissspidy/oEmbed-API/commit/4afbd5f4fa382b5f0afa4f34b9d4cb1dd678bc88.

While looking at this now, I think we should make sure that height is an actual number, to prevent setting the height to anything else. See 34527.2.patch.

#3 @swissspidy
4 years ago

  • Keywords commit added
  • Summary changed from WP oEmbed: the iframe height attribute doesn't need "px" to WP oEmbed: Improve height attribute sanitization

34527.3.patch is a simpler version of the second patch. The double NOT bitwise operator turns NaN into 0, removing the need for an isNaN check.
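
The NaN handling described in comment #3, as an added example that is not part of the ticket, the patches, or WordPress core: it compares an explicit `isNaN` check with the double NOT form on constructed inputs. The function names and the 200/1000 bounds are assumptions made for this illustration.

```javascript
// Added example, not WordPress core code. Function names and the
// 200/1000 bounds are assumptions made for this illustration.
const MIN_HEIGHT = 200;
const MAX_HEIGHT = 1000;

function clamp(n) {
  return Math.min(MAX_HEIGHT, Math.max(MIN_HEIGHT, n));
}

// Explicit form: parse, then replace NaN with 0 by hand.
function sanitizeHeightExplicit(value) {
  let height = parseInt(value, 10);
  if (isNaN(height)) {
    height = 0;
  }
  return clamp(height);
}

// Compact form: ~~ applies ToInt32, which maps NaN to 0.
// ToInt32 also wraps modulo 2^32, so very large inputs change value.
function sanitizeHeightDoubleNot(value) {
  return clamp(~~parseInt(value, 10));
}

// Constructed sample inputs, as an untrusted message might carry them.
const samples = ['300', '300px', 'abc', '-50', '1e3', '5000',
  '4294967596', '"><script>', undefined];

// Run both sanitizers over the same inputs for side-by-side review.
function compare(inputs) {
  return inputs.map((v) => ({
    input: String(v),
    explicit: sanitizeHeightExplicit(v),
    doubleNot: sanitizeHeightDoubleNot(v),
  }));
}

console.table(compare(samples));
```

Both forms always return a bounded integer, so the attribute can never carry a unit or markup; they differ only for inputs beyond the 32-bit range, where `~~` wraps before the bounds are applied.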

#4 @wonderboymusic
4 years ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 35478:

WP oEmbed: Improve height attribute sanitization

Props afercia, swissspidy.
Fixes #34527.
