[wp-trac] [WordPress Trac] #49173: Allow sanitized inline styles on oEmbed iframes
WordPress Trac
noreply at wordpress.org
Mon Jan 13 15:28:19 UTC 2020
#49173: Allow sanitized inline styles on oEmbed iframes
--------------------------+------------------------------
Reporter: westonruter | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Comment (by swissspidy):
Is this related to https://github.com/WordPress/gutenberg/issues/13000 /
the same issue?
----
I don't recall any specific issues with inline styles on oEmbed results.
The `style` attribute wasn't whitelisted from the beginning, see
https://github.com/swissspidy/oEmbed-
API/commit/be484afdf308ec22cf3b10be868d1e5b52d2088c.
I would be careful with whitelisting inline styles as it could lead to
issues with other providers. It would require some deliberate testing.
Looking at the inline style from this embedded content - `border:none;max-
width:500px;min-width:300px;min-height:550px;width:100%` - I don't exactly
see why it is absolutely necessary:
* Borders can be disabled with `frameborder=0`
* The `width` and `height` attributes on the iframe are whitelisted,
allowing the provider to define the dimensions that way
* Themes can support responsive embeds, removing the need to manually have
something like `width:100%` for embed iframes
-----
PS. clearing the oEmbed cache should work via `wp embed cache clear` too.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49173#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list