2015-12-04 00:46:25 -05:00
|
|
|
/**
|
|
|
|
* WordPress inline HTML embed
|
|
|
|
*
|
|
|
|
* @since 4.4.0
|
2018-06-27 22:30:15 -04:00
|
|
|
* @output wp-includes/js/wp-embed.js
|
2015-12-04 00:46:25 -05:00
|
|
|
*
|
|
|
|
* This file cannot have ampersands in it. This is to ensure
|
|
|
|
* it can be embedded in older versions of WordPress.
|
|
|
|
* See https://core.trac.wordpress.org/changeset/35708.
|
|
|
|
*/
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
(function ( window, document ) {
|
|
|
|
'use strict';
|
|
|
|
|
2015-11-19 18:06:26 -05:00
|
|
|
var supportedBrowser = false,
|
2015-10-31 00:38:25 -04:00
|
|
|
loaded = false;
|
|
|
|
|
2015-11-19 18:06:26 -05:00
|
|
|
if ( document.querySelector ) {
|
|
|
|
if ( window.addEventListener ) {
|
|
|
|
supportedBrowser = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-08 14:42:49 -04:00
|
|
|
/** @namespace wp */
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
window.wp = window.wp || {};
|
|
|
|
|
|
|
|
if ( !! window.wp.receiveEmbedMessage ) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
window.wp.receiveEmbedMessage = function( e ) {
|
|
|
|
var data = e.data;
|
2018-08-30 08:40:26 -04:00
|
|
|
|
|
|
|
if ( ! data ) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( ! ( data.secret || data.message || data.value ) ) {
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-12-03 15:17:25 -05:00
|
|
|
if ( /[^a-zA-Z0-9]/.test( data.secret ) ) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-10-29 19:11:24 -04:00
|
|
|
var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
|
|
|
|
blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
|
2023-05-16 11:37:10 -04:00
|
|
|
allowedProtocols = new RegExp( '^https?:$', 'i' ),
|
2015-10-29 19:11:24 -04:00
|
|
|
i, source, height, sourceURL, targetURL;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2015-10-29 19:11:24 -04:00
|
|
|
for ( i = 0; i < blockquotes.length; i++ ) {
|
|
|
|
blockquotes[ i ].style.display = 'none';
|
|
|
|
}
|
|
|
|
|
|
|
|
for ( i = 0; i < iframes.length; i++ ) {
|
|
|
|
source = iframes[ i ];
|
|
|
|
|
2015-12-03 15:17:25 -05:00
|
|
|
if ( e.source !== source.contentWindow ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2016-02-25 05:23:27 -05:00
|
|
|
source.removeAttribute( 'style' );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
|
|
|
/* Resize the iframe on request. */
|
|
|
|
if ( 'height' === data.message ) {
|
2015-10-31 16:39:25 -04:00
|
|
|
height = parseInt( data.value, 10 );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
if ( height > 1000 ) {
|
|
|
|
height = 1000;
|
2015-10-31 16:39:25 -04:00
|
|
|
} else if ( ~~height < 200 ) {
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
height = 200;
|
|
|
|
}
|
|
|
|
|
2015-10-31 16:39:25 -04:00
|
|
|
source.height = height;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Link to a specific URL on request. */
|
|
|
|
if ( 'link' === data.message ) {
|
2015-10-29 19:11:24 -04:00
|
|
|
sourceURL = document.createElement( 'a' );
|
|
|
|
targetURL = document.createElement( 'a' );
|
|
|
|
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
sourceURL.href = source.getAttribute( 'src' );
|
|
|
|
targetURL.href = data.value;
|
|
|
|
|
2023-05-16 11:37:10 -04:00
|
|
|
/* Only follow link if the protocol is in the allow list. */
|
|
|
|
if ( ! allowedProtocols.test( targetURL.protocol ) ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
/* Only continue if link hostname matches iframe's hostname. */
|
2015-11-19 18:06:26 -05:00
|
|
|
if ( targetURL.host === sourceURL.host ) {
|
|
|
|
if ( document.activeElement === source ) {
|
|
|
|
window.top.location.href = data.value;
|
|
|
|
}
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
function onLoad() {
|
2015-10-31 00:38:25 -04:00
|
|
|
if ( loaded ) {
|
|
|
|
return;
|
|
|
|
}
|
2016-02-23 15:23:25 -05:00
|
|
|
|
2015-10-31 00:38:25 -04:00
|
|
|
loaded = true;
|
|
|
|
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
|
2015-11-08 19:08:27 -05:00
|
|
|
isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
|
|
|
|
iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
|
|
|
|
iframeClone, i, source, secret;
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2015-11-08 19:08:27 -05:00
|
|
|
for ( i = 0; i < iframes.length; i++ ) {
|
|
|
|
source = iframes[ i ];
|
|
|
|
|
2016-11-23 08:38:33 -05:00
|
|
|
if ( ! source.getAttribute( 'data-secret' ) ) {
|
|
|
|
/* Add secret to iframe */
|
|
|
|
secret = Math.random().toString( 36 ).substr( 2, 10 );
|
|
|
|
source.src += '#?secret=' + secret;
|
|
|
|
source.setAttribute( 'data-secret', secret );
|
2015-11-08 19:08:27 -05:00
|
|
|
}
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
|
2015-11-08 19:08:27 -05:00
|
|
|
/* Remove security attribute from iframes in IE10 and IE11. */
|
2015-11-19 18:06:26 -05:00
|
|
|
if ( ( isIE10 || isIE11 ) ) {
|
2015-11-08 19:08:27 -05:00
|
|
|
iframeClone = source.cloneNode( true );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
iframeClone.removeAttribute( 'security' );
|
2015-11-08 19:08:27 -05:00
|
|
|
source.parentNode.replaceChild( iframeClone, source );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-10-31 00:38:25 -04:00
|
|
|
if ( supportedBrowser ) {
|
|
|
|
window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
|
|
|
|
document.addEventListener( 'DOMContentLoaded', onLoad, false );
|
|
|
|
window.addEventListener( 'load', onLoad, false );
|
|
|
|
}
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 06:36:25 -04:00
|
|
|
})( window, document );
|