2015-12-04 00:46:25 -05:00
|
|
|
/**
|
|
|
|
* WordPress inline HTML embed
|
|
|
|
*
|
|
|
|
* @since 4.4.0
|
2018-06-27 22:30:15 -04:00
|
|
|
* @output wp-includes/js/wp-embed.js
|
2015-12-04 00:46:25 -05:00
|
|
|
*
|
2023-08-10 15:49:17 -04:00
|
|
|
* Single line comments should not be used since they will break
|
|
|
|
* the script when inlined in get_post_embed_html(), specifically
|
|
|
|
* when the comments are not stripped out due to SCRIPT_DEBUG
|
|
|
|
* being turned on.
|
2015-12-04 00:46:25 -05:00
|
|
|
*/
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
(function ( window, document ) {
|
|
|
|
'use strict';
|
|
|
|
|
2023-08-10 15:49:17 -04:00
|
|
|
/* Abort for ancient browsers. */
|
|
|
|
if ( ! document.querySelector || ! window.addEventListener || typeof URL === 'undefined' ) {
|
|
|
|
return;
|
|
|
|
}
|
2015-11-19 18:06:26 -05:00
|
|
|
|
2017-09-08 14:42:49 -04:00
|
|
|
/** @namespace wp */
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
window.wp = window.wp || {};
|
|
|
|
|
2023-08-10 15:49:17 -04:00
|
|
|
/* Abort if script was already executed. */
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
if ( !! window.wp.receiveEmbedMessage ) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-11-10 21:49:18 -05:00
|
|
|
/**
|
|
|
|
* Receive embed message.
|
|
|
|
*
|
|
|
|
* @param {MessageEvent} e
|
|
|
|
*/
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
window.wp.receiveEmbedMessage = function( e ) {
|
|
|
|
var data = e.data;
|
2018-08-30 08:40:26 -04:00
|
|
|
|
2023-08-10 15:49:17 -04:00
|
|
|
/* Verify shape of message. */
|
|
|
|
if (
|
|
|
|
! ( data || data.secret || data.message || data.value ) ||
|
|
|
|
/[^a-zA-Z0-9]/.test( data.secret )
|
|
|
|
) {
|
2015-12-03 15:17:25 -05:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-10-29 19:11:24 -04:00
|
|
|
var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
|
|
|
|
blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
|
2023-05-16 10:25:21 -04:00
|
|
|
allowedProtocols = new RegExp( '^https?:$', 'i' ),
|
2015-10-29 19:11:24 -04:00
|
|
|
i, source, height, sourceURL, targetURL;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2015-10-29 19:11:24 -04:00
|
|
|
for ( i = 0; i < blockquotes.length; i++ ) {
|
|
|
|
blockquotes[ i ].style.display = 'none';
|
|
|
|
}
|
|
|
|
|
|
|
|
for ( i = 0; i < iframes.length; i++ ) {
|
|
|
|
source = iframes[ i ];
|
|
|
|
|
2015-12-03 15:17:25 -05:00
|
|
|
if ( e.source !== source.contentWindow ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2016-02-25 05:23:27 -05:00
|
|
|
source.removeAttribute( 'style' );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
|
|
|
if ( 'height' === data.message ) {
|
2023-08-10 15:49:17 -04:00
|
|
|
/* Resize the iframe on request. */
|
2015-10-31 16:39:25 -04:00
|
|
|
height = parseInt( data.value, 10 );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
if ( height > 1000 ) {
|
|
|
|
height = 1000;
|
2015-10-31 16:39:25 -04:00
|
|
|
} else if ( ~~height < 200 ) {
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
height = 200;
|
|
|
|
}
|
|
|
|
|
2015-10-31 16:39:25 -04:00
|
|
|
source.height = height;
|
2023-08-10 15:49:17 -04:00
|
|
|
} else if ( 'link' === data.message ) {
|
|
|
|
/* Link to a specific URL on request. */
|
|
|
|
sourceURL = new URL( source.getAttribute( 'src' ) );
|
|
|
|
targetURL = new URL( data.value );
|
|
|
|
|
|
|
|
if (
|
|
|
|
allowedProtocols.test( targetURL.protocol ) &&
|
|
|
|
targetURL.host === sourceURL.host &&
|
|
|
|
document.activeElement === source
|
|
|
|
) {
|
|
|
|
window.top.location.href = data.value;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
function onLoad() {
|
2023-08-10 15:49:17 -04:00
|
|
|
var iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
|
|
|
|
i, source, secret;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2015-11-08 19:08:27 -05:00
|
|
|
for ( i = 0; i < iframes.length; i++ ) {
|
2021-11-10 21:49:18 -05:00
|
|
|
/** @var {IframeElement} */
|
2015-11-08 19:08:27 -05:00
|
|
|
source = iframes[ i ];
|
|
|
|
|
2021-11-10 21:49:18 -05:00
|
|
|
secret = source.getAttribute( 'data-secret' );
|
|
|
|
if ( ! secret ) {
|
2016-11-23 08:38:33 -05:00
|
|
|
/* Add secret to iframe */
|
2023-08-10 15:49:17 -04:00
|
|
|
secret = Math.random().toString( 36 ).substring( 2, 12 );
|
2016-11-23 08:38:33 -05:00
|
|
|
source.src += '#?secret=' + secret;
|
|
|
|
source.setAttribute( 'data-secret', secret );
|
2015-11-08 19:08:27 -05:00
|
|
|
}
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2021-11-10 21:49:18 -05:00
|
|
|
/*
|
|
|
|
* Let post embed window know that the parent is ready for receiving the height message, in case the iframe
|
|
|
|
* loaded before wp-embed.js was loaded. When the ready message is received by the post embed window, the
|
|
|
|
* window will then (re-)send the height message right away.
|
|
|
|
*/
|
|
|
|
source.contentWindow.postMessage( {
|
|
|
|
message: 'ready',
|
|
|
|
secret: secret
|
|
|
|
}, '*' );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-08-10 15:49:17 -04:00
|
|
|
window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
|
|
|
|
document.addEventListener( 'DOMContentLoaded', onLoad, false );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
})( window, document );
|