Scott Taylor dedff8fd0e WP oEmbed: validate the secret sent via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.


git-svn-id: https://develop.svn.wordpress.org/trunk@35761 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-03 20:16:28 +00:00
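The two checks the commit describes, as an added example that is not WordPress's own wp.receiveEmbedMessage code: the secret from the postMessage() payload is validated before it is interpolated into the querySelectorAll() selector, and the message is only honoured for the iframe whose contentWindow matches event.source. The alphanumeric secret format, the 200..1000 height bounds, and the makeFakeDocument() stand-in for the DOM are assumptions made so the example runs outside a browser.

```javascript
// Added example, not WordPress's own wp.receiveEmbedMessage: a postMessage
// receiver for oEmbed iframes that applies the two checks the commit describes,
// (1) validate the secret before it is interpolated into a CSS selector and
// (2) only act on the iframe whose window actually sent the message.

// Assumption: embed secrets are short alphanumeric tokens.
const SECRET_RE = /^[A-Za-z0-9]+$/;

function isValidSecret(secret) {
  return typeof secret === 'string' && SECRET_RE.test(secret);
}

// Build the attribute selector only from a validated secret, so quotes or
// brackets supplied by the sender can never reach querySelectorAll().
function secretSelector(secret) {
  if (!isValidSecret(secret)) {
    throw new Error('refusing to build a selector from an unvalidated secret');
  }
  return 'iframe[data-secret="' + secret + '"]';
}

// Assumed bounds for the height an embed may request.
function clampHeight(value) {
  const h = parseInt(value, 10);
  if (Number.isNaN(h)) return null;
  return Math.min(1000, Math.max(200, h));
}

// Minimal stand-in for the DOM the handler touches (constructed for this
// example; in a browser, document and the real iframe elements are used).
function makeFakeDocument(iframes) {
  return {
    querySelectorAll(selector) {
      const m = /^iframe\[data-secret="([A-Za-z0-9]+)"\]$/.exec(selector);
      if (!m) throw new Error('fake document cannot parse selector: ' + selector);
      return iframes.filter((f) => f.dataset.secret === m[1]);
    },
  };
}

// Handle one message event. Returns the array of iframes that were accepted,
// so callers and tests can see exactly which elements were touched.
function receiveEmbedMessage(event, doc) {
  const data = event && event.data;
  if (!data || typeof data !== 'object') return [];

  // Check 1: never use an unvalidated secret in a selector.
  if (!isValidSecret(data.secret)) return [];

  const accepted = [];
  for (const iframe of doc.querySelectorAll(secretSelector(data.secret))) {
    // Check 2: knowing the secret is not enough; the message must come from
    // the window of this particular iframe.
    if (iframe.contentWindow !== event.source) continue;

    if (data.message === 'height') {
      const h = clampHeight(data.value);
      if (h !== null) iframe.height = h;
    }
    accepted.push(iframe);
  }
  return accepted;
}

// Stand-alone demo with constructed windows and iframes.
if (typeof require !== 'undefined' && require.main === module) {
  const win = {};
  const iframe = { dataset: { secret: 'abc123' }, contentWindow: win, height: 0 };
  const doc = makeFakeDocument([iframe]);
  const ok = receiveEmbedMessage(
    { source: win, data: { secret: 'abc123', message: 'height', value: 640 } }, doc);
  const bad = receiveEmbedMessage(
    { source: win, data: { secret: 'x"], iframe[data-secret="', message: 'height', value: 640 } }, doc);
  console.log('accepted from own window:', ok.length, 'height now', iframe.height);
  console.log('accepted with malformed secret:', bad.length);
}
```

The validation step is what closes the selector problem the commit message names: with the regex in place, secretSelector() can only ever see characters that cannot terminate the attribute value. The window comparison is a separate check; two iframes sharing a secret, or a message from an unrelated frame that guessed it, are both ignored because event.source is compared by identity, not by anything the sender controls.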
src WP oEmbed: validate the secret sent via postMessage in wp.receiveEmbedMessage. Also, compare window instances. 2015-12-03 20:16:28 +00:00
tests Route HEAD API requests through the GET callback method 2015-12-03 16:34:00 +00:00
tools/i18n i18n tools: Use https for msgid-bugs-address URLs. 2015-07-27 19:37:13 +00:00
.editorconfig Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:28:58 +00:00
.gitignore Remove an IDE-specific rule in .gitignore. These should be managed in the user's ~/.gitignore_global file. 2015-10-18 00:15:23 +00:00
.jshintrc Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files. 2015-11-12 12:04:55 +00:00
.travis.yml Remove PHP 7 from allowed failures list 2015-11-12 21:44:24 +00:00
Gruntfile.js Build: Update source for includes:embed after [35718]. 2015-11-20 15:36:21 +00:00
package.json Build Tools: Update autoprefixer to 0.6.1. 2015-11-07 11:56:26 +00:00
phpunit.xml.dist Unit Tests: add SpeedTrapListener to phpunit/includes and add the config node to phpunit.xml.dist. 2015-10-16 00:27:28 +00:00
wp-cli.yml Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development. 2015-11-28 18:36:06 +00:00
wp-config-sample.php Lightly clean up and improve inline documentation in wp-config-sample.php. 2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php