Changeset 55763

Timestamp:

05/16/2023 02:23:10 PM (15 months ago)

Author:

audrasjb

Message:

Embeds: Add protocol validation for WordPress Embed code.

Validate that links within auto-discovered embeds are using the http or https protocols before following links.

Props xknown, dd32, peterwilsoncc.

File:

• trunk/src/js/_enqueues/wp/embed.js (modified) (2 diffs)

trunk/src/js/_enqueues/wp/embed.js

@@ -50 +50 @@
         var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
             blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
+
             i, source, height, sourceURL, targetURL;
 
@@ -84 +85 @@
                 sourceURL.href = source.getAttribute( 'src' );
                 targetURL.href = data.value;
+
+
+
+
+
 
                 /* Only continue if link hostname matches iframe's hostname. */