[wp-trac] [WordPress Trac] #36755: Native oEmbed support on Custom Post Types produces Cross-site scripting errors or are not rendered at all.
WordPress Trac
noreply at wordpress.org
Thu May 5 02:33:59 UTC 2016
#36755: Native oEmbed support on Custom Post Types produces Cross-site scripting
errors or are not rendered at all.
-------------------------------+------------------------------
Reporter: webdevmattcrom | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: TinyMCE | Version: 4.5.1
Severity: normal | Resolution:
Keywords: needs-screenshots | Focuses: javascript
-------------------------------+------------------------------
Comment (by webdevmattcrom):
Screenshots of results of the steps in the OP.
'''WHAT THE VISUAL EDITOR LOOKS LIKE:'''
Here's what it looked like for me:
[[Image(https://cloud.githubusercontent.com/assets/930724/14934087/50bdc414
-0e5a-11e6-9fa3-615738052b65.png)]]
Another tester had results that made it look like it was rendering as a
media embed:
[[Image(https://camo.githubusercontent.com/f8cfa415d87682537d360ee327255c6b7db45551/68747470733a2f2f636c6475702e636f6d2f396b566733745a766a6c2e706e67)]]
'''FRONT END RESULTS:'''
[[Image(https://www.mattcromwell.com/assets/oembed_fail_mattc.png)]]
This result is currently live on my site. See far bottom right footer
widget:
https://www.mattcromwell.com/ro-fawp-politics/
Here's the copy of both of those errors:
{{{
Uncaught SecurityError: Failed to read the 'cookie' property from
'Document': The document is sandboxed and lacks the 'allow-same-origin'
flag.
}}}
{{{
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided
('https://www.mattcromwell.com') does not match the recipient window's
origin ('null').
script.js:474 Uncaught SecurityError: Failed to read the 'cookie' property
from 'Document': The document is sandboxed and lacks the 'allow-same-
origin' flag.
}}}
{{{
Uncaught SecurityError: Failed to read the 'cookie' property from
'Document': The document is sandboxed and lacks the 'allow-same-origin'
flag.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36755#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list