<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[56383] trunk: Embeds: Modernize wp-embed script with removal of obsolete IE10/IE11 code and support for WP<4.4.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/56383">56383</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/56383","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>westonruter</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2023-08-10 19:47:08 +0000 (Thu, 10 Aug 2023)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Embeds: Modernize wp-embed script with removal of obsolete IE10/IE11 code and support for WP<4.4.
* Remove obsolete `load` event handler in `wp-embed` since IE10+ support `DOMContentLoaded`.
* Replace obsolete use of `document.createElement('a')` in favor of the newer `URL` class (supported in all browsers but obsolete IE11).
* Remove obsolete IE10/IE11 code.
* Combine conditionals.
* Use `substring()` instead of deprecated `substr()` method.
* Eliminate the stipulation that `wp-embed.js` not include ampersands, considering this was put in place for WP<4.3 which now accounts for only 1.43% of sites. This includes the elimination of the `verify:wp-embed` grunt task.
Props westonruter, swissspidy.
Fixes <a href="https://core.trac.wordpress.org/ticket/58974">#58974</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkGruntfilejs">trunk/Gruntfile.js</a></li>
<li><a href="#trunksrcjs_enqueueswpembedjs">trunk/src/js/_enqueues/wp/embed.js</a></li>
<li><a href="#trunktestsphpunittestsoembedtemplatephp">trunk/tests/phpunit/tests/oembed/template.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkGruntfilejs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/Gruntfile.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/Gruntfile.js 2023-08-10 16:47:00 UTC (rev 56382)
+++ trunk/Gruntfile.js 2023-08-10 19:47:08 UTC (rev 56383)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -764,21 +764,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> '!wp-admin/js/custom-header.js', // Why? We should minify this.
</span><span class="cx" style="display: block; padding: 0 10px"> '!wp-admin/js/farbtastic.js',
</span><span class="cx" style="display: block; padding: 0 10px"> '!wp-includes/js/swfobject.js',
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- '!wp-includes/js/wp-embed.js' // We have extra options for this, see uglify:embed.
</del><span class="cx" style="display: block; padding: 0 10px"> ]
</span><span class="cx" style="display: block; padding: 0 10px"> },
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- embed: {
- options: {
- compress: {
- conditionals: false
- }
- },
- expand: true,
- cwd: WORKING_DIR,
- dest: WORKING_DIR,
- ext: '.min.js',
- src: ['wp-includes/js/wp-embed.js']
- },
</del><span class="cx" style="display: block; padding: 0 10px"> 'jquery-ui': {
</span><span class="cx" style="display: block; padding: 0 10px"> options: {
</span><span class="cx" style="display: block; padding: 0 10px"> // Preserve comments that start with a bang.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1461,7 +1448,6 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> grunt.registerTask( 'uglify:all', [
</span><span class="cx" style="display: block; padding: 0 10px"> 'uglify:core',
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'uglify:embed',
</del><span class="cx" style="display: block; padding: 0 10px"> 'uglify:jquery-ui',
</span><span class="cx" style="display: block; padding: 0 10px"> 'uglify:imgareaselect',
</span><span class="cx" style="display: block; padding: 0 10px"> 'uglify:jqueryform',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1507,39 +1493,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Build verification tasks.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> grunt.registerTask( 'verify:build', [
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'verify:wp-embed',
</del><span class="cx" style="display: block; padding: 0 10px"> 'verify:old-files',
</span><span class="cx" style="display: block; padding: 0 10px"> 'verify:source-maps',
</span><span class="cx" style="display: block; padding: 0 10px"> ] );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Build assertions for wp-embed.min.js.
- *
- * @ticket 34698
- */
- grunt.registerTask( 'verify:wp-embed', function() {
- const file = `${ BUILD_DIR }/wp-includes/js/wp-embed.min.js`;
-
- assert(
- fs.existsSync( file ),
- 'The build/wp-includes/js/wp-embed.min.js file does not exist.'
- );
-
- const contents = fs.readFileSync( file, {
- encoding: 'utf8',
- } );
-
- assert(
- contents.length > 0,
- 'The build/wp-includes/js/wp-embed.min.js file must not be empty.'
- );
- assert(
- false === contents.includes( '&' ),
- 'The build/wp-includes/js/wp-embed.min.js file must not contain ampersands.'
- );
- } );
-
- /**
</del><span class="cx" style="display: block; padding: 0 10px"> * Build assertions to ensure no project files are inside `$_old_files` in the build directory.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 36083
</span></span></pre></div>
<a id="trunksrcjs_enqueueswpembedjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/embed.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/embed.js 2023-08-10 16:47:00 UTC (rev 56382)
+++ trunk/src/js/_enqueues/wp/embed.js 2023-08-10 19:47:08 UTC (rev 56383)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,25 +4,23 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.4.0
</span><span class="cx" style="display: block; padding: 0 10px"> * @output wp-includes/js/wp-embed.js
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This file cannot have ampersands in it. This is to ensure
- * it can be embedded in older versions of WordPress.
- * See https://core.trac.wordpress.org/changeset/35708.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Single line comments should not be used since they will break
+ * the script when inlined in get_post_embed_html(), specifically
+ * when the comments are not stripped out due to SCRIPT_DEBUG
+ * being turned on.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> (function ( window, document ) {
</span><span class="cx" style="display: block; padding: 0 10px"> 'use strict';
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- var supportedBrowser = false,
- loaded = false;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /* Abort for ancient browsers. */
+ if ( ! document.querySelector || ! window.addEventListener || typeof URL === 'undefined' ) {
+ return;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( document.querySelector ) {
- if ( window.addEventListener ) {
- supportedBrowser = true;
- }
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> /** @namespace wp */
</span><span class="cx" style="display: block; padding: 0 10px"> window.wp = window.wp || {};
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /* Abort if script was already executed. */
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( !! window.wp.receiveEmbedMessage ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -35,18 +33,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> window.wp.receiveEmbedMessage = function( e ) {
</span><span class="cx" style="display: block; padding: 0 10px"> var data = e.data;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! data ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /* Verify shape of message. */
+ if (
+ ! ( data || data.secret || data.message || data.value ) ||
+ /[^a-zA-Z0-9]/.test( data.secret )
+ ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! ( data.secret || data.message || data.value ) ) {
- return;
- }
-
- if ( /[^a-zA-Z0-9]/.test( data.secret ) ) {
- return;
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
</span><span class="cx" style="display: block; padding: 0 10px"> blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
</span><span class="cx" style="display: block; padding: 0 10px"> allowedProtocols = new RegExp( '^https?:$', 'i' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -65,8 +59,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> source.removeAttribute( 'style' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /* Resize the iframe on request. */
</del><span class="cx" style="display: block; padding: 0 10px"> if ( 'height' === data.message ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /* Resize the iframe on request. */
</ins><span class="cx" style="display: block; padding: 0 10px"> height = parseInt( data.value, 10 );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( height > 1000 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> height = 1000;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -75,43 +69,26 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> source.height = height;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } else if ( 'link' === data.message ) {
+ /* Link to a specific URL on request. */
+ sourceURL = new URL( source.getAttribute( 'src' ) );
+ targetURL = new URL( data.value );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /* Link to a specific URL on request. */
- if ( 'link' === data.message ) {
- sourceURL = document.createElement( 'a' );
- targetURL = document.createElement( 'a' );
-
- sourceURL.href = source.getAttribute( 'src' );
- targetURL.href = data.value;
-
- /* Only follow link if the protocol is in the allow list. */
- if ( ! allowedProtocols.test( targetURL.protocol ) ) {
- continue;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (
+ allowedProtocols.test( targetURL.protocol ) &&
+ targetURL.host === sourceURL.host &&
+ document.activeElement === source
+ ) {
+ window.top.location.href = data.value;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /* Only continue if link hostname matches iframe's hostname. */
- if ( targetURL.host === sourceURL.host ) {
- if ( document.activeElement === source ) {
- window.top.location.href = data.value;
- }
- }
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> };
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> function onLoad() {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( loaded ) {
- return;
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ var iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+ i, source, secret;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- loaded = true;
-
- var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
- isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
- iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
- iframeClone, i, source, secret;
-
</del><span class="cx" style="display: block; padding: 0 10px"> for ( i = 0; i < iframes.length; i++ ) {
</span><span class="cx" style="display: block; padding: 0 10px"> /** @var {IframeElement} */
</span><span class="cx" style="display: block; padding: 0 10px"> source = iframes[ i ];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -119,18 +96,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> secret = source.getAttribute( 'data-secret' );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! secret ) {
</span><span class="cx" style="display: block; padding: 0 10px"> /* Add secret to iframe */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- secret = Math.random().toString( 36 ).substr( 2, 10 );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ secret = Math.random().toString( 36 ).substring( 2, 12 );
</ins><span class="cx" style="display: block; padding: 0 10px"> source.src += '#?secret=' + secret;
</span><span class="cx" style="display: block; padding: 0 10px"> source.setAttribute( 'data-secret', secret );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /* Remove security attribute from iframes in IE10 and IE11. */
- if ( ( isIE10 || isIE11 ) ) {
- iframeClone = source.cloneNode( true );
- iframeClone.removeAttribute( 'security' );
- source.parentNode.replaceChild( iframeClone, source );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> /*
</span><span class="cx" style="display: block; padding: 0 10px"> * Let post embed window know that the parent is ready for receiving the height message, in case the iframe
</span><span class="cx" style="display: block; padding: 0 10px"> * loaded before wp-embed.js was loaded. When the ready message is received by the post embed window, the
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -143,9 +113,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( supportedBrowser ) {
- window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
- document.addEventListener( 'DOMContentLoaded', onLoad, false );
- window.addEventListener( 'load', onLoad, false );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ window.addEventListener( 'message', window.wp.receiveEmbedMessage, false );
+ document.addEventListener( 'DOMContentLoaded', onLoad, false );
</ins><span class="cx" style="display: block; padding: 0 10px"> })( window, document );
</span></span></pre></div>
<a id="trunktestsphpunittestsoembedtemplatephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/oembed/template.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/oembed/template.php 2023-08-10 16:47:00 UTC (rev 56382)
+++ trunk/tests/phpunit/tests/oembed/template.php 2023-08-10 19:47:08 UTC (rev 56383)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -343,15 +343,4 @@
</span><span class="cx" style="display: block; padding: 0 10px"> wp_maybe_enqueue_oembed_host_js( $post_embed );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertFalse( $scripts->query( 'wp-embed', 'enqueued' ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * Confirms that no ampersands exist in src/wp-includes/js/wp-embed.js.
- *
- * See also the `verify:wp-embed` Grunt task for verifying the built file.
- *
- * @ticket 34698
- */
- public function test_js_no_ampersands() {
- $this->assertStringNotContainsString( '&', file_get_contents( ABSPATH . WPINC . '/js/wp-embed.js' ) );
- }
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre>
</div>
</div>
</body>
</html>