Embeds: Remove & characters from the inline embed JS.

Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is. Props pento, peterwilsoncc. See #34698. git-svn-id: https://develop.svn.wordpress.org/trunk@35708 602fd350-edb4-49c9-b593-d223f7449a82
2025-10-16 12:05:38 +00:00 · 2015-11-19 23:05:39 +00:00 · 2015-11-19 23:05:39 +00:00 · c7e05dafbe
commit c7e05dafbe
parent 71c0c35c24
2 changed files with 34 additions and 10 deletions
--- a/Gruntfile.js
+++ b/Gruntfile.js
@ -435,9 +435,22 @@ module.exports = function(grunt) {
 					'!wp-includes/js/masonry.min.js',
 					'!wp-includes/js/swfobject.js',
 					'!wp-includes/js/underscore.*',
-					'!wp-includes/js/zxcvbn.min.js'
+					'!wp-includes/js/zxcvbn.min.js',
+					'!wp-includes/js/wp-embed.js' // We have extra options for this, see uglify:embed
 				]
 			},
+			embed: {
+				options: {
+					compress: {
+						conditionals: false
+					}
+				},
+				expand: true,
+				cwd: SOURCE_DIR,
+				dest: BUILD_DIR,
+				ext: '.min.js',
+				src: ['wp-includes/js/wp-embed.js']
+			},
 			media: {
 				expand: true,
 				cwd: SOURCE_DIR,
@ -647,6 +660,7 @@ module.exports = function(grunt) {
 		'cssmin:rtl',
 		'cssmin:colors',
 		'uglify:core',
+		'uglify:embed',
 		'uglify:jqueryui',
 		'concat:tinymce',
 		'compress:tinymce',
--- a/src/wp-includes/js/wp-embed.js
+++ b/src/wp-includes/js/wp-embed.js
@ -1,9 +1,15 @@
 (function ( window, document ) {
 	'use strict';

-	var supportedBrowser = ( document.querySelector && window.addEventListener ),
+	var supportedBrowser = false,
 		loaded = false;

+		if ( document.querySelector ) {
+			if ( window.addEventListener ) {
+				supportedBrowser = true;
+			}
+		}
+
 	window.wp = window.wp || {};

 	if ( !! window.wp.receiveEmbedMessage ) {
@ -50,8 +56,10 @@
 				targetURL.href = data.value;

 				/* Only continue if link hostname matches iframe's hostname. */
-				if ( targetURL.host === sourceURL.host && document.activeElement === source ) {
-					window.top.location.href = data.value;
+				if ( targetURL.host === sourceURL.host ) {
+					if ( document.activeElement === source ) {
+						window.top.location.href = data.value;
+					}
 				}
 			}
 		}
@ -77,15 +85,17 @@
 			source = iframes[ i ];
 			source.style.display = '';

-			if ( !source.getAttribute( 'data-secret' ) ) {
-				/* Add secret to iframe */
-				secret = Math.random().toString( 36 ).substr( 2, 10 );
-				source.src += '#?secret=' + secret;
-				source.setAttribute( 'data-secret', secret );
+			if ( source.getAttribute( 'data-secret' ) ) {
+				continue;
 			}

+			/* Add secret to iframe */
+			secret = Math.random().toString( 36 ).substr( 2, 10 );
+			source.src += '#?secret=' + secret;
+			source.setAttribute( 'data-secret', secret );
+
 			/* Remove security attribute from iframes in IE10 and IE11. */
-			if ( ( isIE10 || isIE11 ) && !!source.getAttribute( 'security' ) ) {
+			if ( ( isIE10 || isIE11 ) ) {
 				iframeClone = source.cloneNode( true );
 				iframeClone.removeAttribute( 'security' );
 				source.parentNode.replaceChild( iframeClone, source );