[wp-trac] [WordPress Trac] #36755: Native oEmbed support on Custom Post Types produces Cross-site scripting errors or are not rendered at all.

WordPress Trac noreply at wordpress.org
Thu May 5 02:33:59 UTC 2016


#36755: Native oEmbed support on Custom Post Types produces Cross-site scripting
errors or are not rendered at all.
-------------------------------+------------------------------
 Reporter:  webdevmattcrom     |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  TinyMCE            |     Version:  4.5.1
 Severity:  normal             |  Resolution:
 Keywords:  needs-screenshots  |     Focuses:  javascript
-------------------------------+------------------------------

Comment (by webdevmattcrom):

 Screenshots of results of the steps in the OP.

 '''WHAT THE VISUAL EDITOR LOOKS LIKE:'''

 Here's what it looked like for me:
 [[Image(https://cloud.githubusercontent.com/assets/930724/14934087/50bdc414
 -0e5a-11e6-9fa3-615738052b65.png)]]

 Another tester had results that made it look like it was rendering as a
 media embed:
 [[Image(https://camo.githubusercontent.com/f8cfa415d87682537d360ee327255c6b7db45551/68747470733a2f2f636c6475702e636f6d2f396b566733745a766a6c2e706e67)]]

 '''FRONT END RESULTS:'''

 [[Image(https://www.mattcromwell.com/assets/oembed_fail_mattc.png)]]

 This result is currently live on my site. See far bottom right footer
 widget:
 https://www.mattcromwell.com/ro-fawp-politics/

 Here's the copy of both of those errors:

 {{{
 Uncaught SecurityError: Failed to read the 'cookie' property from
 'Document': The document is sandboxed and lacks the 'allow-same-origin'
 flag.
 }}}

 {{{
 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided
 ('https://www.mattcromwell.com') does not match the recipient window's
 origin ('null').
 script.js:474 Uncaught SecurityError: Failed to read the 'cookie' property
 from 'Document': The document is sandboxed and lacks the 'allow-same-
 origin' flag.
 }}}

 {{{
 Uncaught SecurityError: Failed to read the 'cookie' property from
 'Document': The document is sandboxed and lacks the 'allow-same-origin'
 flag.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36755#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list