[wp-trac] [WordPress Trac] #18726: Automatic excerpt shows javascript source
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 20 23:31:04 UTC 2011
#18726: Automatic excerpt shows javascript source
--------------------------+-----------------------------
Reporter: evansolomon | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
If a post contains a Javascript embed, {{{the_excerpt}}} removes the
iframe and the {{{<script>}}} tags but returns the Javascript source.
As more web services are using Javascript to make their embeds HTML5
/mobile-compatible, this will probably become a more common problem.
To reproduce:
1. Publish a post with this content:
{{{<iframe class="scribd_iframe_embed"
src="http://www.scribd.com/embeds/65703182/content?start_page=1&view_mode=slideshow&access_key
=key-1w596jxtzrcyu6cv72h7" data-auto-height="true" data-aspect-
ratio="1.33333333333333" scrolling="no" id="doc_67442" width="100%"
height="600" frameborder="0"></iframe><script
type="text/javascript">(function() { var scribd =
document.createElement("script"); scribd.type = "text/javascript";
scribd.async = true; scribd.src =
"http://www.scribd.com/javascripts/embed_code/inject.js"; var s =
document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(scribd, s); })();</script>}}}
2. View the post's automatic excerpt, such as in a search
3. The post's body will be:
{{{(function() { var scribd = document.createElement("script");
scribd.type = "text/javascript"; scribd.async = true; scribd.src =
"http://www.scribd.com/javascripts/embed_code/inject.js"; var s =
document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(scribd, s); })();}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18726>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list