mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-06-28 14:20:15 +00:00
Embeds: Conditionally enqueue wp-embed only if needed and send ready message in case script loads after post embed windows.
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so. * Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads. * Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled. * For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`. Props westonruter, swissspidy, pento, flixos90, ocean90. Fixes #44632, #44306. git-svn-id: https://develop.svn.wordpress.org/trunk@52132 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Weston Ruter
@@ -359,7 +359,25 @@ function wp_oembed_add_discovery_links() {
|
||||
* @since 4.4.0
|
||||
*/
|
||||
function wp_oembed_add_host_js() {
|
||||
wp_enqueue_script( 'wp-embed' );
|
||||
add_filter( 'embed_oembed_html', 'wp_maybe_enqueue_oembed_host_js' );
|
||||
}
|
||||
|
||||
/**
|
||||
* Enqueue the wp-embed script if the provided oEmbed HTML contains a post embed.
|
||||
*
|
||||
* In order to only enqueue the wp-embed script on pages that actually contain post embeds, this function checks if the
|
||||
* provided HTML contains post embed markup and if so enqueues the script so that it will get printed in the footer.
|
||||
*
|
||||
* @since 5.9.0
|
||||
*
|
||||
* @param string $html Embed markup.
|
||||
* @return string Embed markup (without modifications).
|
||||
*/
|
||||
function wp_maybe_enqueue_oembed_host_js( $html ) {
|
||||
if ( preg_match( '/<blockquote\s[^>]*wp-embedded-content/', $html ) ) {
|
||||
wp_enqueue_script( 'wp-embed' );
|
||||
}
|
||||
return $html;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -450,32 +468,22 @@ function get_post_embed_html( $width, $height, $post = null ) {
|
||||
|
||||
$embed_url = get_post_embed_url( $post );
|
||||
|
||||
$output = '<blockquote class="wp-embedded-content"><a href="' . esc_url( get_permalink( $post ) ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
|
||||
$secret = wp_generate_password( 10, false );
|
||||
$embed_url .= "#?secret={$secret}";
|
||||
|
||||
$output .= "<script type='text/javascript'>\n";
|
||||
$output .= "<!--//--><![CDATA[//><!--\n";
|
||||
if ( SCRIPT_DEBUG ) {
|
||||
$output .= file_get_contents( ABSPATH . WPINC . '/js/wp-embed.js' );
|
||||
} else {
|
||||
/*
|
||||
* If you're looking at a src version of this file, you'll see an "include"
|
||||
* statement below. This is used by the `npm run build` process to directly
|
||||
* include a minified version of wp-embed.js, instead of using the
|
||||
* file_get_contents() method from above.
|
||||
*
|
||||
* If you're looking at a build version of this file, you'll see a string of
|
||||
* minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
|
||||
* and edit wp-embed.js directly.
|
||||
*/
|
||||
$output .= <<<JS
|
||||
include "js/wp-embed.min.js"
|
||||
JS;
|
||||
}
|
||||
$output .= "\n//--><!]]>";
|
||||
$output .= "\n</script>";
|
||||
$output = wp_get_inline_script_tag(
|
||||
file_get_contents( sprintf( ABSPATH . WPINC . '/js/wp-embed' . wp_scripts_get_suffix() . '.js' ) )
|
||||
);
|
||||
|
||||
$output .= sprintf(
|
||||
'<iframe sandbox="allow-scripts" security="restricted" src="%1$s" width="%2$d" height="%3$d" title="%4$s" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe>',
|
||||
'<blockquote class="wp-embedded-content" data-secret="%1$s"><a href="%2$s">%3$s</a></blockquote>',
|
||||
esc_attr( $secret ),
|
||||
esc_url( get_permalink( $post ) ),
|
||||
get_the_title( $post )
|
||||
);
|
||||
|
||||
$output .= sprintf(
|
||||
'<iframe sandbox="allow-scripts" security="restricted" src="%1$s" width="%2$d" height="%3$d" title="%4$s" data-secret="%5$s" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe>',
|
||||
esc_url( $embed_url ),
|
||||
absint( $width ),
|
||||
absint( $height ),
|
||||
@@ -486,7 +494,8 @@ JS;
|
||||
get_the_title( $post ),
|
||||
get_bloginfo( 'name' )
|
||||
)
|
||||
)
|
||||
),
|
||||
esc_attr( $secret )
|
||||
);
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user