[wp-trac] [WordPress Trac] #36755: Native oEmbed support on Custom Post Types produces Cross-site scripting errors or are not rendered at all.

WordPress Trac noreply at wordpress.org
Wed May 11 18:23:25 UTC 2016


#36755: Native oEmbed support on Custom Post Types produces Cross-site scripting
errors or are not rendered at all.
-------------------------------+------------------------------
 Reporter:  webdevmattcrom     |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  TinyMCE            |     Version:  4.5.1
 Severity:  normal             |  Resolution:
 Keywords:  needs-screenshots  |     Focuses:  javascript
-------------------------------+------------------------------

Comment (by andtrev):

 Ya, you need to flush the rewrite rules after adding the custom post type
 code you posted above to get it to work correctly. It's likely this is the
 entire issue you've been having.

 The content width doesn't look like it does anything other than set the
 iframe width for the embed. It will always be empty when it hits that
 function in Twenty Sixteen unless you have some other plugin setting it
 before hand, so all you're doing is turning the setting off, but the embed
 will then just default to a 500 pixel width. This should make absolutely
 no difference in whether it displays or not.

 There is something interesting that happens, if the CPT registration code
 you posted above isn't included then the oembed properly shows a "Oops!
 That embed can’t be found." message in the iframe. But if you register the
 CPT and don't flush the rewrite rules it doesn't show an iframe at all,
 just the blockquote element with the link to the post you tried to embed.
 Seems like it would be better to show that same "Oops! That embed can’t be
 found." message rather than not doing anything.

 > Where are you getting that URL from? The URL I pasted into that widget
 is: https://www.mattcromwell.com/promotions/get-analytify/

 This is how the oembed process works, first you specify the url of the
 post you want to embed, like the one you used above, then it requests that
 page and searches for oembed links in the head. Using the link above it
 would find these two links:

 {{{
 <link rel="alternate" type="application/json+oembed"
 href="https://www.mattcromwell.com/wp-
 json/oembed/1.0/embed?url=https%3A%2F%2Fwww.mattcromwell.com%2Fpromotion
 %2Fget-analytify%2F">
 <link rel="alternate" type="text/xml+oembed"
 href="https://www.mattcromwell.com/wp-
 json/oembed/1.0/embed?url=https%3A%2F%2Fwww.mattcromwell.com%2Fpromotion
 %2Fget-analytify%2F&format=xml">
 }}}

 Those links will return the code necessary to embed that post. Which is
 JavaScript that when run, will embed
 https://www.mattcromwell.com/promotions/get-analytify/embed/ in an iframe.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36755#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list