wp/wp-includes/js/wp-embed.js
changeset 21 48c4eec2b7e6
parent 19 3d72ae0968f4
--- a/wp/wp-includes/js/wp-embed.js	Thu Sep 29 08:06:27 2022 +0200
+++ b/wp/wp-includes/js/wp-embed.js	Fri Sep 05 18:40:08 2025 +0200
@@ -4,25 +4,23 @@
  * @since 4.4.0
  * @output wp-includes/js/wp-embed.js
  *
- * This file cannot have ampersands in it. This is to ensure
- * it can be embedded in older versions of WordPress.
- * See https://core.trac.wordpress.org/changeset/35708.
+ * Single line comments should not be used since they will break
+ * the script when inlined in get_post_embed_html(), specifically
+ * when the comments are not stripped out due to SCRIPT_DEBUG
+ * being turned on.
  */
 (function ( window, document ) {
 	'use strict';
 
-	var supportedBrowser = false,
-		loaded = false;
-
-		if ( document.querySelector ) {
-			if ( window.addEventListener ) {
-				supportedBrowser = true;
-			}
-		}
+	/* Abort for ancient browsers. */
+	if ( ! document.querySelector || ! window.addEventListener || typeof URL === 'undefined' ) {
+		return;
+	}
 
 	/** @namespace wp */
 	window.wp = window.wp || {};
 
+	/* Abort if script was already executed. */
 	if ( !! window.wp.receiveEmbedMessage ) {
 		return;
 	}
@@ -35,20 +33,17 @@
 	window.wp.receiveEmbedMessage = function( e ) {
 		var data = e.data;
 
-		if ( ! data ) {
-			return;
-		}
-
-		if ( ! ( data.secret || data.message || data.value ) ) {
-			return;
-		}
-
-		if ( /[^a-zA-Z0-9]/.test( data.secret ) ) {
+		/* Verify shape of message. */
+		if (
+			! ( data || data.secret || data.message || data.value ) ||
+			/[^a-zA-Z0-9]/.test( data.secret )
+		) {
 			return;
 		}
 
 		var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
 			blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
+			allowedProtocols = new RegExp( '^https?:$', 'i' ),
 			i, source, height, sourceURL, targetURL;
 
 		for ( i = 0; i < blockquotes.length; i++ ) {
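Review bot: The rewritten shape check `! ( data || data.secret || data.message || data.value )` no longer does what the three removed guards did. When `e.data` is null or undefined, the `||` chain goes on to read `data.secret` and throws. When `data` is any truthy value, the group is truthy whatever its fields hold, so this part rejects nothing. `! data || ! ( data.secret || data.message || data.value ) ||` restores the old behaviour. Adding `'string' !== typeof data.secret` would also stop a missing secret being stringified into the `data-secret` selectors built just below; the handler body continues outside the hunk.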
@@ -64,8 +59,8 @@
 
 			source.removeAttribute( 'style' );
 
-			/* Resize the iframe on request. */
 			if ( 'height' === data.message ) {
+				/* Resize the iframe on request. */
 				height = parseInt( data.value, 10 );
 				if ( height > 1000 ) {
 					height = 1000;
@@ -74,37 +69,25 @@
 				}
 
 				source.height = height;
-			}
-
-			/* Link to a specific URL on request. */
-			if ( 'link' === data.message ) {
-				sourceURL = document.createElement( 'a' );
-				targetURL = document.createElement( 'a' );
+			} else if ( 'link' === data.message ) {
+				/* Link to a specific URL on request. */
+				sourceURL = new URL( source.getAttribute( 'src' ) );
+				targetURL = new URL( data.value );
 
-				sourceURL.href = source.getAttribute( 'src' );
-				targetURL.href = data.value;
-
-				/* Only continue if link hostname matches iframe's hostname. */
-				if ( targetURL.host === sourceURL.host ) {
-					if ( document.activeElement === source ) {
-						window.top.location.href = data.value;
-					}
+				if (
+					allowedProtocols.test( targetURL.protocol ) &&
+					targetURL.host === sourceURL.host &&
+					document.activeElement === source
+				) {
+					window.top.location.href = data.value;
 				}
 			}
 		}
 	};
 
 	function onLoad() {
-		if ( loaded ) {
-			return;
-		}
-
-		loaded = true;
-
-		var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
-			isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
-			iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
-			iframeClone, i, source, secret;
+		var iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+			i, source, secret;
 
 		for ( i = 0; i < iframes.length; i++ ) {
 			/** @var {IframeElement} */
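Review bot: Both `new URL( ... )` calls in the `link` branch throw a TypeError on anything that is not an absolute URL, and `data.value` comes straight from the posted message. The removed anchor-element code never threw, so a malformed value, or an iframe whose `src` is relative or missing, now raises an uncaught exception in the message handler and stops processing of the remaining iframes. Wrapping the two constructors in try/catch and skipping that iframe keeps the handler quiet on bad input. Assigning `targetURL.href` instead of `data.value` also ensures the address navigated to is the parsed one that passed the protocol and host checks. The enclosing loop header is outside the hunk, so the `continue` below assumes this branch sits directly inside the iframe loop.

```javascript
			} else if ( 'link' === data.message ) {
				/* Link to a specific URL on request. */
				try {
					sourceURL = new URL( source.getAttribute( 'src' ) );
					targetURL = new URL( data.value );
				} catch ( err ) {
					/* Unparseable src or value: ignore this link request. */
					continue;
				}

				if (
					/* … unchanged: protocol, host and activeElement checks … */
				) {
					window.top.location.href = targetURL.href;
				}
```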
@@ -113,18 +96,11 @@
 			secret = source.getAttribute( 'data-secret' );
 			if ( ! secret ) {
 				/* Add secret to iframe */
-				secret = Math.random().toString( 36 ).substr( 2, 10 );
+				secret = Math.random().toString( 36 ).substring( 2, 12 );
 				source.src += '#?secret=' + secret;
 				source.setAttribute( 'data-secret', secret );
 			}
 
-			/* Remove security attribute from iframes in IE10 and IE11. */
-			if ( ( isIE10 || isIE11 ) ) {
-				iframeClone = source.cloneNode( true );
-				iframeClone.removeAttribute( 'security' );
-				source.parentNode.replaceChild( iframeClone, source );
-			}
-
 			/*
 			 * Let post embed window know that the parent is ready for receiving the height message, in case the iframe
 			 * loaded before wp-embed.js was loaded. When the ready message is received by the post embed window, the
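Review bot: The secret on the `Math.random().toString( 36 ).substring( 2, 12 )` line still comes from a non-cryptographic generator, and the base-36 string can be shorter than ten characters for some values. The handler earlier in this file matches incoming messages to an iframe by `data.secret`, so if the value is meant to keep other frames from addressing this embed, it should be drawn from `window.crypto.getRandomValues` and encoded to a fixed length of alphanumerics. If it is only a correlation id, a comment saying so (`/* Correlation id only, not a security token. */`) would settle the question. The loop in onLoad starts and ends outside the hunk.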
@@ -137,9 +113,6 @@
 		}
 	}
 
-	if ( supportedBrowser ) {
-		window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
-		document.addEventListener( 'DOMContentLoaded', onLoad, false );
-		window.addEventListener( 'load', onLoad, false );
-	}
+	window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
+	document.addEventListener( 'DOMContentLoaded', onLoad, false );
 })( window, document );
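Review bot: With the `load` listener removed, `onLoad` now runs only if `DOMContentLoaded` fires after this script has executed. The header comment says the script is inlined by get_post_embed_html(), so it may be inserted into a page that has already finished parsing; whether that happens depends on the embedding page, which is not visible here. In that case no iframe receives a `data-secret` and the handler cannot match any of its messages. Checking the ready state covers both paths: `if ( 'loading' === document.readyState ) { document.addEventListener( 'DOMContentLoaded', onLoad, false ); } else { onLoad(); }`.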