[wp-trac] [WordPress Trac] #44400: Adjust `sandbox` attribute for Sutori embeds via oEmbed discovery

WordPress Trac noreply at wordpress.org
Tue Jun 19 15:32:40 UTC 2018


#44400: Adjust `sandbox` attribute for Sutori embeds via oEmbed discovery
--------------------------------------+------------------------------
 Reporter:  yoran                     |       Owner:  (none)
     Type:  feature request           |      Status:  new
 Priority:  normal                    |   Milestone:  Awaiting Review
Component:  Embeds                    |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  dev-feedback 2nd-opinion  |     Focuses:
--------------------------------------+------------------------------

Comment (by yoran):

 Thanks for your prompt reply.

 > Adding allow-same-origin would have quite an impact that would go way
 > beyond allowing 1 smaller website to set the iframe's height. For example,
 > it has consequences for usage of cookies, local storage, etc.

 The main issue we're seeing is that some of the external JavaScript
 libraries that Sutori loads can't deal with `document.cookie` throwing an
 exception, which happens when `allow-same-origin` is not added. This
 exception causes the embed to not show at all.

 There are two ways we can go about it:
 1. Fix this on our end so that Sutori loads fine without
 `allow-same-origin`.
 2. Add an exception to the WordPress embed sanitizer to add
 `allow-same-origin` when embedding a resource from the sutori.com domain.

 Are there any services that have exceptions like 2, i.e. whitelist or
 extend certain attributes on the iframe? If so, I was hoping we could add
 Sutori as such an exception.

 The non-automatic resizing of the iframe is not as critical and is
 something that we can fix separately, using the inter-frame communication
 method you described.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44400#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
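
Option 1 in the comment above (loading without `allow-same-origin`) comes down to tolerating the `SecurityError` that `document.cookie` raises when the frame has an opaque origin. The sketch below is an added example, not Sutori or WordPress code; `makeCookieStore` and the two stand-in document objects are hypothetical and constructed so that it runs outside a browser.

```javascript
// Added example: tolerate document.cookie throwing inside a sandboxed iframe.
function makeCookieStore(doc) {
  const memory = new Map(); // fallback, lives only as long as the page
  let usable = true;
  try {
    void doc.cookie; // SecurityError when the frame has an opaque origin
  } catch (err) {
    if (!err || err.name !== "SecurityError") throw err; // unrelated failure
    usable = false;
  }
  return {
    persistent: usable, // lets callers skip features that need real cookies
    get(name) {
      if (!usable) return memory.has(name) ? memory.get(name) : null;
      for (const pair of doc.cookie.split("; ")) {
        const eq = pair.indexOf("=");
        if (eq > 0 && pair.slice(0, eq) === name) {
          return decodeURIComponent(pair.slice(eq + 1));
        }
      }
      return null;
    },
    set(name, value) {
      if (!usable) { memory.set(name, String(value)); return; }
      doc.cookie = `${name}=${encodeURIComponent(value)}; path=/`;
    },
  };
}

// Constructed stand-in for `document` in a frame sandboxed without
// allow-same-origin: both reading and writing the cookie property throw.
function sandboxedDocument() {
  const deny = () => {
    const e = new Error("document is sandboxed without allow-same-origin");
    e.name = "SecurityError";
    throw e;
  };
  return Object.defineProperty({}, "cookie", { get: deny, set: deny });
}

// Constructed stand-in for a normal document with a minimal cookie jar.
function normalDocument() {
  const jar = new Map();
  return Object.defineProperty({}, "cookie", {
    get: () => [...jar].map(([k, v]) => `${k}=${v}`).join("; "),
    set: (s) => { const kv = s.split(";")[0]; const i = kv.indexOf("="); jar.set(kv.slice(0, i), kv.slice(i + 1)); },
  });
}
```

In a browser the store would be created once with `makeCookieStore(document)` and handed to the code that currently touches `document.cookie` directly.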