[wp-trac] [WordPress Trac] #36755: Native oEmbed support on Custom Post Types produces Cross-site scripting errors or are not rendered at all.
WordPress Trac
noreply at wordpress.org
Wed May 11 04:03:58 UTC 2016
#36755: Native oEmbed support on Custom Post Types produces Cross-site scripting
errors or are not rendered at all.
-------------------------------+------------------------------
Reporter: webdevmattcrom | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: TinyMCE | Version: 4.5.1
Severity: normal | Resolution:
Keywords: needs-screenshots | Focuses: javascript
-------------------------------+------------------------------
Comment (by webdevmattcrom):
Replying to [comment:9 andtrev]:
> I also see this JS error message on other pages like
https://www.mattcromwell.com/hi-im-matt/about-me/ :
> {{{
> Failed to execute 'postMessage' on 'DOMWindow': The target origin
provided ('https://www.mattcromwell.com') does not match the recipient
window's origin ('null').
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.mattcromwell.com&stripe_xdm_c=default286544&stripe_xdm_p=1
> }}}
Actually, the Stripe error and others are being triggered because of the
oEmbed problem. It's a cross-site scripting error because Stripe is trying
to be loaded from inside the oEmbed but the source is registering as
"null".
To clarify that a bit more, I removed all the oEmbed widgets from my site,
except on one post.
You can see the errors here where the native oEmbed is in the footer:
https://www.mattcromwell.com/commentary-on-mullenweg-interview/
But check any other page and there are zero errors.
> When I navigate to the oembed url for the post you're embedding I get a
404: https://www.mattcromwell.com/wp-
json/oembed/1.0/embed?url=https%3A%2F%2Fwww.mattcromwell.com%2Fget-
analytify%2F
Where are you getting that URL from? The URL I pasted into that widget is:
https://www.mattcromwell.com/promotions/get-analytify/
But I did test this again locally with Twenty Fifteen just now and the
oEmbed worked as expected. What is strange is how so many others have been
able to duplicate this problem consistently (see the Twenty Sixteen Github
issue link above). Perhaps in the end this might not be an actual "bug"
but the behavior definitely is buggy.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36755#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list