Embeds: Add a CDATA and HTML comment wrapper around the JavaScript included in the embed HTML. This ensures that user agents which naively strip unwanted tags, without also stripping the content within those tages (for example, Slack), don't show the embed as a mess of JavaScript.
Props peterwilsoncc. Fixes #34429. Built from https://develop.svn.wordpress.org/trunk@35406 git-svn-id: http://core.svn.wordpress.org/trunk@35370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1acf9e9e49
commit
1f8e6268d3
|
@ -466,6 +466,7 @@ function get_post_embed_html( $post = null, $width, $height ) {
|
|||
$embed_url = get_post_embed_url( $post );
|
||||
|
||||
$output = "<script type='text/javascript'>\n";
|
||||
$output .= "<!--//--><![CDATA[//><!--\n";
|
||||
if ( SCRIPT_DEBUG ) {
|
||||
$output .= file_get_contents( ABSPATH . WPINC . '/js/wp-embed.js' );
|
||||
} else {
|
||||
|
@ -483,6 +484,7 @@ function get_post_embed_html( $post = null, $width, $height ) {
|
|||
!function(a,b){"use strict";function c(){var a=-1!==navigator.appVersion.indexOf("MSIE 10"),c=!!navigator.userAgent.match(/Trident.*rv\:11\./);if(a||c)for(var d,e=b.querySelectorAll(".wp-embedded-content[security]"),f=0;f<e.length;f++)d=e[f].cloneNode(!0),d.removeAttribute("security"),e[f].parentNode.insertBefore(d,e[f].nextSibling),e[f].parentNode.removeChild(e[f])}a.wp=a.wp||{},a.wp.receiveEmbedMessage||(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value)for(var e=b.querySelectorAll('.wp-embedded-content[data-secret="'+d.secret+'"]'),f=0;f<e.length;f++){var g=e[f];if("height"===d.message){var h=d.value;h>1e3?h=1e3:200>h&&(h=200),g.height=h+"px"}if("link"===d.message){var i=b.createElement("a"),j=b.createElement("a");i.href=g.getAttribute("src"),j.href=d.value,j.host===i.host&&b.activeElement===g&&(a.top.location.href=d.value)}}},a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1))}(window,document);
|
||||
JS;
|
||||
}
|
||||
$output .= "\n//--><!]]>";
|
||||
$output .= "\n</script>";
|
||||
|
||||
$output .= sprintf(
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.4-beta1-35405';
|
||||
$wp_version = '4.4-beta1-35406';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue