[wp-trac] [WordPress Trac] #49173: Allow sanitized inline styles on oEmbed iframes
WordPress Trac
noreply at wordpress.org
Sat Jan 11 21:31:58 UTC 2020
#49173: Allow sanitized inline styles on oEmbed iframes
--------------------------+-----------------------------
Reporter: westonruter | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version: 4.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Embeds from the New York Times are currently broken because the oEmbed
`<iframe>` sets its height via an inline `style` attribute which is
removed by Kses in `wp_filter_oembed_result()`. The result is an embed
that appears broken due to the iframe not having sufficient height.
I believe the fix is simply to allow the `style` attribute on the
`iframe`, and to allow the `safecss_filter_attr()` function to remove
style properties that are deemed unsafe:
{{{#!diff
--- a/src/wp-includes/embed.php
+++ b/src/wp-includes/embed.php
@@ -879,6 +879,7 @@ function wp_filter_oembed_result( $result, $data, $url
) {
'marginheight' => true,
'scrolling' => true,
'title' => true,
+ 'style' => true,
),
);
}}}
The result of this change for NYTimes embeds is the inclusion of the CSS
`border:none;max-width:500px;min-width:300px;min-height:550px;width:100%`
on the iframe's `style` attribute.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49173>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list