Commit Graph

13 Commits

Author SHA1 Message Date
Sergey Biryukov e1b0d4ed7a Embeds: After [43593], move the new check to a separate line to avoid `test_js_no_ampersands_in_compiled` failure caused by UglifyJS task.
See #44832.
Built from https://develop.svn.wordpress.org/trunk@43597


git-svn-id: http://core.svn.wordpress.org/trunk@43426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 12:40:26 +00:00
Sergey Biryukov 07e2fba981 Embeds: Avoid a JS error in `wp.receiveEmbedMessage` if `data` parameter is not set.
Props dsifford, kadamwhite.
Fixes #44832.
Built from https://develop.svn.wordpress.org/trunk@43593


git-svn-id: http://core.svn.wordpress.org/trunk@43422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 10:30:24 +00:00
Pascal Birchler 98e8bf7ba2 Embeds: Correctly remove security attribute from iframes in IE 10 and IE 11.
This was originally added in 4.4, but presumably broke with [35708], which prevented these browsers from actually reaching the relevant code section.
Let's make embeds work again in IE 10 and IE 11.

Fixes #38694.
Built from https://develop.svn.wordpress.org/trunk@39347


git-svn-id: http://core.svn.wordpress.org/trunk@39287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 13:38:33 +00:00
Aaron Jorbin 32be6f7bb7 Bump grunt-contrib-uglify from 1.0.1 to 2.0.0
Sets `screwIE8` to false as it is now enabled by default

Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js

Changelog:
2016-07-19   v2.0.0   Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19   v1.0.2   Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.

See #38199.


Built from https://develop.svn.wordpress.org/trunk@39117


git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 05:40:34 +00:00
Pascal Birchler 0425e01d21 Embeds: Use a more accessible way to initially hide the iframe.
This fixes a bug in Firefox where assets inside the iframe aren't being displayed because they have no computed style.

See #35894.
Built from https://develop.svn.wordpress.org/trunk@36708


git-svn-id: http://core.svn.wordpress.org/trunk@36675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 10:23:27 +00:00
Pascal Birchler 383c422527 Embeds: Only display an iframe when it was successfully loaded.
This prevents showing a blank iframe by first checking if a message was successfully received from it.

Fixes #35894.
Built from https://develop.svn.wordpress.org/trunk@36648


git-svn-id: http://core.svn.wordpress.org/trunk@36615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 20:23:25 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Gary Pendergast 603d3c0013 Embeds: Remove `&` characters from the inline embed JS.
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.

Props pento, peterwilsoncc.

See #34698.


Built from https://develop.svn.wordpress.org/trunk@35708


git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 23:06:26 +00:00
Gary Pendergast a2349a2377 Embeds: Fix support for embedding in non-WordPress sites.
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.

Props swissspidy.

Fixes #34451.


Built from https://develop.svn.wordpress.org/trunk@35577


git-svn-id: http://core.svn.wordpress.org/trunk@35541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:08:27 +00:00
Scott Taylor 382d455235 WP oEmbed: Improve height attribute sanitization
Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:39:25 +00:00
Gary Pendergast 21393df10e Embeds: Add fallbacks for IE7-9.
Older IE versions need just that little bit of extra tender care to keep them going.

Props peterwilsoncc, swissspidy, pento.

Fixes #34204.


Built from https://develop.svn.wordpress.org/trunk@35466


git-svn-id: http://core.svn.wordpress.org/trunk@35430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 04:38:25 +00:00
Gary Pendergast 368e5f9fc3 Embeds: Provide a cached text fallback.
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.

Fixes #34462.


Built from https://develop.svn.wordpress.org/trunk@35437


git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 23:11:24 +00:00
Sergey Biryukov a908d2d4b1 Embeds: Rename files, functions, and hooks added in [34903] to make it more clear what is oEmbed-specific and what isn't.
See https://core.trac.wordpress.org/ticket/34272#comment:7 for full list of renamed functions and hooks.

Props swissspidy.
Fixes #34272.
Built from https://develop.svn.wordpress.org/trunk@35235


git-svn-id: http://core.svn.wordpress.org/trunk@35201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 01:21:25 +00:00