Make WordPress Core

Opened 14 months ago

Last modified 3 months ago

#39097 reopened defect (bug)

Links in embeds can't be opened in a new tab

Reported by: smerriman Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.4
Component: Embeds Keywords: needs-patch needs-testing
Focuses: Cc:


While reading https://make.wordpress.org/core/2016/12/05/wordpress-4-7-field-guide/, which contains many embeds, I wanted to open up all items of interest in new tabs so I could read through them.

In Firefox, mousewheel-clicking, ctrl-clicking, or right clicking a link in an embed immediately opens the link in the same tab (in the last case, without the normal right click menu appearing at all).

In Chrome, mousewheel-clicking does nothing; ctrl-clicking opens it in the same tab, while right clicking does work.

This appears to all be caused by the sandbox attribute on the iframe.

Not allowing the link to open in a new tab seems very wrong, especially when multiple embeds are in a post.

Change History (11)

#1 @swissspidy
14 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #35239.

#2 @johnbillion
14 months ago

  • Keywords needs-patch needs-testing added
  • Milestone set to Awaiting Review
  • Resolution duplicate deleted
  • Status changed from closed to reopened

This is not actually a duplicate of #35239. The bug reported is that it's not possible to use ctrl/cmd click to open a link in an embed in a new tab.

This behaviour can be seen in the 4.7 field guide post at https://make.wordpress.org/core/2016/12/05/wordpress-4-7-field-guide/ where the bug was also reported in the comments.

#3 @swissspidy
14 months ago

Cmd+click and why it's not possible right now has been discussed in exactly this ticket, even though the inital question was about making that the default behaviour. Anyway, worth a read.

#4 @smerriman
14 months ago

Yep, the other ticket contains details on the same issue. This feels like a pretty major flaw of embeds though.

Website owners often add target="_blank" to try to "keep people on their site" - this is of course a bad thing to do as discussed in the other ticket. However, having a feature which *forces* someone off their site, highly unexpectedly, and disables the right click context menu feels even worse. I can't imagine any site owner would want to use embeds if they knew this would be the result.

I'm sure there were good reasons for hijacking the links in the way done currently, but most uses of iframes would never require this (think, say, Twitter embeds) - does the gain outweigh the cost?

Last edited 14 months ago by smerriman (previous) (diff)

#5 @swissspidy
14 months ago

I'm sure there were good reasons for hijacking the links in the way done currently, but most uses of iframes would never require this (think, say, Twitter embeds) - does the gain outweigh the cost?

The problem is, when you embed tweets you know they come from a trusted source. With oEmbed discovery, you can basically embed any website, which makes it quite dangerous. Using JavaScript trickery, one could easily trick visitors into visiting sites they didn't intend to visit. That's why currently you can only click on links leading to the same host.

In #35239 I shared an idea on how to resolve this and enable opening links in a new tab by using cmd/ctrl click and why it's not possible right now. Hence my point that this ticket here is a duplicate.

#6 @swissspidy
14 months ago

  • Version set to 4.4

#7 @newsplugin.com
8 months ago

What about the right button? I understand that there may be problems when opening links, but I see no reason why right button default functionality of context menu need to be disabled. Ever.

#8 @swissspidy
8 months ago

@newsplugin.com As far as I can tell, there's no problem with the context menu. You should be able to right click -> open in new tab without problems. Browsers will handle this differently and won't execute our JavaScript in that case. The problem is just with cmd/ctrl + click.

#9 @smerriman
8 months ago

Nope, it still definitely affects right clicking, as mentioned in my original ticket. In Firefox, the behaviour appears to have changed slightly; I now see the context menu appear, but the link starts loading instantly at the same time, so I quickly end up on the wrong page.

#10 @Mte90
3 months ago

I tried to replicate right now but seems that oembed are disabled in the page on the first comment.

#11 @swissspidy
3 months ago

@Mte90 You can simply embed a post on your local blog in another post to test embeds.

Note: See TracTickets for help on using tickets.