Opened 9 years ago
Closed 9 years ago
#34527 closed defect (bug) (fixed)
WP oEmbed: Improve height attribute sanitization
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | 4.4 |
Component: | Embeds | Keywords: | has-screenshots has-patch commit |
Focuses: | ui, javascript | Cc: |
Attachments (3)
Change History (7)
#3
@
9 years ago
- Keywords commit added
- Summary changed from WP oEmbed: the iframe height attribute doesn't need "px" to WP oEmbed: Improve height attribute sanitization
34527.3.patch is a simpler version of the second patch. The double NOT bitwise operator turns NaN
into 0
, removing the need for an isNaN
check.
Note: See
TracTickets for help on using
tickets.
Introduced back in August, see https://github.com/swissspidy/oEmbed-API/commit/4afbd5f4fa382b5f0afa4f34b9d4cb1dd678bc88.
While looking at this now, I think we should make sure that
height
is an actual number, to prevent setting the height to anything else. See 34527.2.patch