Commit Graph

4 Commits

Author SHA1 Message Date
Gary Pendergast 324cbf5d7e Embeds: Don't show embed discovery link on a static front page.
There's currently no iframe content being generated for a static front page. Giving out a link to that isn't an ideal user experience.

Props peterwilsoncc.

Fixes #35194 for trunk.


Built from https://develop.svn.wordpress.org/trunk@36059


git-svn-id: http://core.svn.wordpress.org/trunk@36024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-22 10:50:31 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Dominik Schilling 22fe87c3b3 Build: Update source for `includes:embed` after [35718].
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00