In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
git-svn-id: https://develop.svn.wordpress.org/trunk@35761 602fd350-edb4-49c9-b593-d223f7449a82
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.
Props pento, peterwilsoncc.
See #34698.
git-svn-id: https://develop.svn.wordpress.org/trunk@35708 602fd350-edb4-49c9-b593-d223f7449a82
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.
Props swissspidy.
Fixes#34451.
git-svn-id: https://develop.svn.wordpress.org/trunk@35577 602fd350-edb4-49c9-b593-d223f7449a82
Older IE versions need just that little bit of extra tender care to keep them going.
Props peterwilsoncc, swissspidy, pento.
Fixes#34204.
git-svn-id: https://develop.svn.wordpress.org/trunk@35466 602fd350-edb4-49c9-b593-d223f7449a82
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.
Fixes#34462.
git-svn-id: https://develop.svn.wordpress.org/trunk@35437 602fd350-edb4-49c9-b593-d223f7449a82
