Customizer: Avoid `SecurityError`s when the Customizer is embedded in an origin other than wp-admin.

props mattwiebe.
fixes #31687.
Built from https://develop.svn.wordpress.org/trunk@31885


git-svn-id: http://core.svn.wordpress.org/trunk@31864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2015-03-25 17:26:26 +00:00
parent 1ad0eaf416
commit 7925e4c912
5 changed files with 33 additions and 7 deletions

View File

@ -1929,6 +1929,25 @@
this.query = $.extend( params.query || {}, { customize_messenger_channel: this.channel() }); this.query = $.extend( params.query || {}, { customize_messenger_channel: this.channel() });
// This avoids SecurityErrors when setting a window object in x-origin iframe'd scenarios.
this.targetWindow.set = function( to ) {
var from = this._value;
to = this._setter.apply( this, arguments );
to = this.validate( to );
if ( null === to || from === to ) {
return this;
}
this._value = to;
this._dirty = true;
this.callbacks.fireWith( this, [ to, from ] );
return this;
};
this.run( deferred ); this.run( deferred );
}, },
@ -2118,9 +2137,7 @@
tmpl = api.settings.documentTitleTmpl; tmpl = api.settings.documentTitleTmpl;
title = tmpl.replace( '%s', documentTitle ); title = tmpl.replace( '%s', documentTitle );
document.title = title; document.title = title;
if ( window !== window.parent ) { api.trigger( 'title', title );
window.parent.document.title = document.title;
}
}; };
/** /**
@ -2799,6 +2816,11 @@
window.location = api.settings.url.activated; window.location = api.settings.url.activated;
}); });
// Pass titles to the parent
api.bind( 'title', function( newTitle ) {
parent.send( 'title', newTitle );
});
// Initialize the connection with the parent frame. // Initialize the connection with the parent frame.
parent.send( 'ready' ); parent.send( 'ready' );

File diff suppressed because one or more lines are too long

View File

@ -155,6 +155,10 @@ window.wp = window.wp || {};
Loader.saved( false ); Loader.saved( false );
} ); } );
this.messenger.bind( 'title', function( newTitle ){
window.document.title = newTitle;
});
this.pushState( src ); this.pushState( src );
this.trigger( 'open' ); this.trigger( 'open' );

View File

@ -1 +1 @@
window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(){var a=window.location.toString().split("#")[1];a&&0===a.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+a),a||b.support.history||c.close()},beforeunload:function(){return c.saved()?void 0:c.settings.l10n.saveAlert},open:function(a){if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.originalDocumentTitle=document.title,this.active=!0,this.body.addClass("customize-loading"),this.saved=new d.Value(!0),this.iframe=b("<iframe />",{src:a,title:c.settings.l10n.mainIframeTitle}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),b(window).on("beforeunload",this.beforeunload),this.messenger.bind("activated",function(a){a&&(window.location=a)}),this.messenger.bind("saved",function(){c.saved(!0)}),this.messenger.bind("change",function(){c.saved(!1)}),this.pushState(a),this.trigger("open")}},pushState:function(a){var c=a.split("?")[1];b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&c&&(window.location.hash="wp_customize=on&"+c),this.trigger("open")},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){if(this.active){if(!this.saved()&&!confirm(c.settings.l10n.saveAlert))return void history.forward();this.active=!1,this.trigger("close"),this.originalDocumentTitle&&(document.title=this.originalDocumentTitle),this.link&&this.link.focus()}},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.saved=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading"),b(window).off("beforeunload",c.beforeunload)},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery); window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(){var a=window.location.toString().split("#")[1];a&&0===a.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+a),a||b.support.history||c.close()},beforeunload:function(){return c.saved()?void 0:c.settings.l10n.saveAlert},open:function(a){if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.originalDocumentTitle=document.title,this.active=!0,this.body.addClass("customize-loading"),this.saved=new d.Value(!0),this.iframe=b("<iframe />",{src:a,title:c.settings.l10n.mainIframeTitle}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),b(window).on("beforeunload",this.beforeunload),this.messenger.bind("activated",function(a){a&&(window.location=a)}),this.messenger.bind("saved",function(){c.saved(!0)}),this.messenger.bind("change",function(){c.saved(!1)}),this.messenger.bind("title",function(a){window.document.title=a}),this.pushState(a),this.trigger("open")}},pushState:function(a){var c=a.split("?")[1];b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&c&&(window.location.hash="wp_customize=on&"+c),this.trigger("open")},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){if(this.active){if(!this.saved()&&!confirm(c.settings.l10n.saveAlert))return void history.forward();this.active=!1,this.trigger("close"),this.originalDocumentTitle&&(document.title=this.originalDocumentTitle),this.link&&this.link.focus()}},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.saved=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading"),b(window).off("beforeunload",c.beforeunload)},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery);

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.2-beta2-31884'; $wp_version = '4.2-beta2-31885';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.