[wp-trac] [WordPress Trac] #44400: Adjust `sandbox` attribute for Sutori embeds via oEmbed discovery
WordPress Trac
noreply at wordpress.org
Tue Jun 19 15:32:40 UTC 2018
#44400: Adjust `sandbox` attribute for Sutori embeds via oEmbed discovery
--------------------------------------+------------------------------
Reporter: yoran | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: normal | Resolution:
Keywords: dev-feedback 2nd-opinion | Focuses:
--------------------------------------+------------------------------
Comment (by yoran):
Thanks for your prompt reply.
> Adding allow-same-origin would have quite an impact that would go way
beyond allowing 1 smaller website to set the iframe's height. For example,
it has consequences for usage of cookies, local storage, etc.
The main issue we're seeing is that some of the external Javascript
libraries that Sutori loads can't deal with `document.cookie` throwing an
exception, which happens when `allow-same-origin` is not added. This
exception causses the embed to not show at all.
There are two ways we can go about it:
1. Fix this on our end so that Sutori loads fine without `allow-same-
origin`.
2. Add an exception to the Wordpress embed sanitizer to add `allow-same-
origin` when embedding a resource from the sutori.com domain.
Are there any services that have exceptions like 2, i.e. whitelist or
extend certain attributes on the iframe? If so, I was hoping we could add
Sutori as such an exception.
The non-automatically resizing of the iframe is not as critical and
something that we can fix separately, using the inter-frame communication
method you described.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44400#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list