From c71b8d0925bd03f9793b5fdf10e47e9bbd253329 Mon Sep 17 00:00:00 2001 From: koopersmith Date: Fri, 25 May 2012 16:19:18 +0000 Subject: [PATCH] Theme Customizer: Prevent messengers from binding to the current window when a parent doesn't exist. see #19910. git-svn-id: http://core.svn.wordpress.org/trunk@20897 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/js/customize-base.dev.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wp-includes/js/customize-base.dev.js b/wp-includes/js/customize-base.dev.js index bf8a028533..0968d7ed58 100644 --- a/wp-includes/js/customize-base.dev.js +++ b/wp-includes/js/customize-base.dev.js @@ -482,10 +482,13 @@ if ( typeof wp === 'undefined' ) }, initialize: function( url, targetWindow, options ) { + // Target the parent frame by default, but only if a parent frame exists. + var defaultTarget = window.parent == window ? null : window.parent; + $.extend( this, options || {} ); url = this.add( 'url', url ); - this.add( 'targetWindow', targetWindow || window.parent ); + this.add( 'targetWindow', targetWindow || defaultTarget ); this.add( 'origin', url() ).link( url ).setter( function( to ) { return to.replace( /([^:]+:\/\/[^\/]+).*/, '$1' ); }); @@ -503,6 +506,9 @@ if ( typeof wp === 'undefined' ) event = event.originalEvent; + if ( ! this.targetWindow() ) + return; + // Check to make sure the origin is valid. if ( this.origin() && event.origin !== this.origin() ) return; @@ -518,7 +524,7 @@ if ( typeof wp === 'undefined' ) data = typeof data === 'undefined' ? {} : data; - if ( ! this.url() ) + if ( ! this.url() || ! this.targetWindow() ) return; message = JSON.stringify({ id: id, data: data });