Context Navigation

← Previous Changeset
Next Changeset →

Changeset 907523

Timestamp:

05/03/2014 08:52:54 PM (12 years ago)

Author:

EdHynan

Message:

2.1.1: Chromium iframe bug: remove sandox in mce plugin

Location:

swfput

Files:

: 26 edited
: 1 copied

tags/2.1.1 (copied) (copied from swfput/trunk)
tags/2.1.1/Makefile (modified) (1 diff)
tags/2.1.1/README.html (modified) (1 diff)
tags/2.1.1/README.pdf (modified) (previous)
tags/2.1.1/js/editor_plugin.js (modified) (1 diff)
tags/2.1.1/js/editor_plugin.min.js (modified) (1 diff)
tags/2.1.1/js/editor_plugin3x.js (modified) (1 diff)
tags/2.1.1/js/editor_plugin3x.min.js (modified) (1 diff)
tags/2.1.1/locale/swfput_l10n-en_US.mo (modified) (previous)
tags/2.1.1/locale/swfput_l10n-en_US.po (modified) (2 diffs)
tags/2.1.1/locale/swfput_l10n.pot (modified) (2 diffs)
tags/2.1.1/readme.txt (modified) (3 diffs)
tags/2.1.1/swfput.php (modified) (2 diffs)
tags/2.1.1/version.sh (modified) (1 diff)
trunk/Makefile (modified) (1 diff)
trunk/README.html (modified) (1 diff)
trunk/README.pdf (modified) (previous)
trunk/js/editor_plugin.js (modified) (1 diff)
trunk/js/editor_plugin.min.js (modified) (1 diff)
trunk/js/editor_plugin3x.js (modified) (1 diff)
trunk/js/editor_plugin3x.min.js (modified) (1 diff)
trunk/locale/swfput_l10n-en_US.mo (modified) (previous)
trunk/locale/swfput_l10n-en_US.po (modified) (2 diffs)
trunk/locale/swfput_l10n.pot (modified) (2 diffs)
trunk/readme.txt (modified) (3 diffs)
trunk/swfput.php (modified) (2 diffs)
trunk/version.sh (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

swfput/tags/2.1.1/Makefile

r906349	r907523
2	2	# License: GNU GPLv3 (see http://www.gnu.org/licenses/gpl-3.0.html)
3	3
4		PRJVERS = 2.1.0
	4	PRJVERS = 2.1.1
5	5	PRJSTEM = swfput
6	6	PRJNAME = $(PRJSTEM)-$(PRJVERS)

swfput/tags/2.1.1/README.html

r906349	r907523
1	1	<!-- Creator : groff version 1.21 -->
2		<!-- CreationDate: ~~Thu May 1 11:21:32~~ 2014 -->
	2	<!-- CreationDate: Sat May 3 16:48:11 2014 -->
3	3	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
4	4	"http://www.w3.org/TR/html4/loose.dtd">

swfput/tags/2.1.1/js/editor_plugin.js

-                      r906349
+                      r907523
                 'width' : w,
                 'height' : h,
+                'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
+                // Argh!: Chromium 3.4 breaks with the sandbox attr.,
+                // refusing to run scipts in the iframe. Up to 3.3
+                // it was OK. Web search shows that chromium devs
+                // have been dithering about this for some time.
+                // IAC, source is never cross-origin or in any way
+                // unknown. Removed.
+                //'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
                 //'allowfullscreen' : '',
                 //'seamless' : '',

swfput/tags/2.1.1/js/editor_plugin.min.js

r906349	r907523
30	30	var d=ev.clipboardData\|\|dom.doc.dataTransfer;if(!d){return true;}
31	31	var tx=tinymce.isIE?'Text':'text/plain';var rep=SWFPut_repl_nl(d.getData(tx));setTimeout(function(){ed.execCommand('mceInsertContent',false,rep);},1);ev.preventDefault();return tinymce.dom.Event.cancel(ev);});ed.SWFPut_Set_code=function(content){return parseShortcode(content);};ed.SWFPut_Get_code=function(content){return getShortcode(content);};var sc_map={};var newkey=function(){var r;do{r=''+parseInt(32768*Math.random()+16384);}while(r in sc_map);sc_map[r]={};return r;};var from_pseudo=function(node){if(!node)return node;var w,h,s,id,cl,rep=false;w=node.attr('width');h=node.attr('height');s=node.attr('src');cl=node.attr('class')\|\|'';id=node.attr('id')\|\|'';var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in sc_map&&sc_map[k].node){rep=sc_map[k].node;}}
32		if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'s~~andbox':"allow-same-origin allow-pointer-lock allow-scripts",'s~~rc':s});if(k&&k in sc_map){sc_map[k].node=rep;}}
	32	if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'src':s});if(k&&k in sc_map){sc_map[k].node=rep;}}
33	33	node.replace(rep);return node;};var to_pseudo=function(node,name){if(!node)return node;var w,h,s,id,cl,rep=false;id=node.attr('id')\|\|'';cl=node.attr('class')\|\|'';if(cl.indexOf('evh-pseudo')<0){return;}
34	34	w=node.attr('width');h=node.attr('height');s=node.attr('src');var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in sc_map&&sc_map[k].pnode){rep=sc_map[k].pnode;}}

swfput/tags/2.1.1/js/editor_plugin3x.js

-                      r906349
+                      r907523
                     'width' : w,
                     'height' : h,
+                    'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
+                // Argh!: Chromium 3.4 breaks with the sandbox attr.,
+                // refusing to run scipts in the iframe. Up to 3.3
+                // it was OK. Web search shows that chromium devs
+                // have been dithering about this for some time.
+                // IAC, source is never cross-origin or in any way
+                // unknown. Removed.
+                    //'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
                     //'allowfullscreen' : '',
                     //'seamless' : '',

swfput/tags/2.1.1/js/editor_plugin3x.min.js

r906349	r907523
33	33	var tx=tinymce.isIE?'Text':'text/plain';var rep=SWFPut_repl_nl(d.getData(tx));setTimeout(function(){ed.execCommand('mceInsertContent',false,rep);},1);ev.preventDefault();return tinymce.dom.Event.cancel(ev);});ed.SWFPut_Set_code=function(content){return t._do_shcode(content);};ed.SWFPut_Get_code=function(content){return t._get_shcode(content);};},sc_map:{},newkey:function(){var r;do{r=''+parseInt(32768*Math.random()+16384);}while(r in this.sc_map);this.sc_map[r]={};return r;},from_pseudo:function(node,name){if(!node){return node;}
34	34	var t=this;var w,h,s,id,cl,rep=false;w=node.attr('width');h=node.attr('height');s=node.attr('src');cl=node.attr('class')\|\|'';id=node.attr('id')\|\|'';var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in t.sc_map&&t.sc_map[k].node){rep=t.sc_map[k].node;}}
35		if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'s~~andbox':"allow-same-origin allow-pointer-lock allow-scripts",'s~~rc':s});if(k&&k in t.sc_map){t.sc_map[k].node=rep;}}
	35	if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'src':s});if(k&&k in t.sc_map){t.sc_map[k].node=rep;}}
36	36	node.replace(rep);return node;},to_pseudo:function(node,name){if(!node){return node;}
37	37	var t=this;var w,h,s,id,cl,rep=false;id=node.attr('id')\|\|'';cl=node.attr('class')\|\|'';if(cl.indexOf('evh-pseudo')<0){return;}

swfput/tags/2.1.1/locale/swfput_l10n-en_US.po

-                      r906349
+                      r907523
 # swfput 2.1.0 Pot Source
+# swfput 2.1.1 Pot Source
 # Copyright (C) 2013 Ed Hynan
 # This file is distributed under the same license as the swfput package.
 …
 msgid ""
 msgstr ""
 "Project-Id-Version: swfput 2.1.0\n"
+"Project-Id-Version: swfput 2.1.1\n"
 "Report-Msgid-Bugs-To: edhynan@gmail.com\n"
 "POT-Creation-Date: 2014-04-30 19:57-0400\n"
 "PO-Revision-Date: 2014-04-30 19:57 EDT\n"
+"POT-Creation-Date: 2014-05-03 16:48-0400\n"
+"PO-Revision-Date: 2014-05-03 16:48 EDT\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

swfput/tags/2.1.1/locale/swfput_l10n.pot

-                      r906349
+                      r907523
 # swfput 2.1.0 Pot Source
+# swfput 2.1.1 Pot Source
 # Copyright (C) 2013 Ed Hynan
 # This file is distributed under the same license as the swfput package.
 …
 msgid ""
 msgstr ""
 "Project-Id-Version: swfput 2.1.0\n"
+"Project-Id-Version: swfput 2.1.1\n"
 "Report-Msgid-Bugs-To: edhynan@gmail.com\n"
 "POT-Creation-Date: 2014-04-30 19:57-0400\n"
+"POT-Creation-Date: 2014-05-03 16:48-0400\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"

swfput/tags/2.1.1/readme.txt

-                      r906349
+                      r907523
 Requires at least: 3.0.2
 Tested up to: 3.9
 Stable tag: 2.1
+Stable tag: 2.1.1
 Text Domain: swfput_l10n
 License: GPLv3 or later
 …
 == Changelog ==
+= 2.1.1 =
+* This release is called "Sigh" and its only change is a
+    workaround for a chromium 3.4 bug -- not on the front end, but
+    in the Visual editor plugin. You want details, you say? OK:
+    this plugin's video in the tinymce visual editor is housed
+    in an iframe element. The iframe was given, *for principle only*,
+    a sandbox attribute (with the "allow-scripts" argument), even
+    thought the content is generated by a plugin script and is a
+    known quantity. This worked in the major browsers including the
+    Chromium 22 and 3.[123] tested with, but Chromium 3.4 would
+    no longer run scripts in the iframe. Persons-of-curiosity may
+    web search 'chromium iframe scripts' and see at a glance that
+    Chromium has dithered on this subject. Bottom line: the sandbox
+    attribute is removed. Apologies for this release so soon after
+.1 a few days ago.
 = 2.1 =
 …
 == Upgrade Notice ==
+= 2.1.1 =
+* Chromium 3,4 broken iframe handling will not run scripts
+    with attribute sandbox="allowScripts", so sanbox is removed.
+    Do web search 'Chromium iframe scripts' to see Chromium dither.
 = 2.1 =
 * Several small bug fixes and improvements.

swfput/tags/2.1.1/swfput.php

-                      r906349
+                      r907523
 Plugin URI: http://agalena.nfshost.com/b1/?page_id=46
 Description: Add Flash and HTML5 video to WordPress posts, pages, and widgets, from arbitrary URI's or media library ID's or files in your media upload directory tree (including uploads not in the WordPress media library).
 Version: 2.1
+Version: 2.1.1
 Author: Ed Hynan
 Author URI: http://agalena.nfshost.com/b1/
 …
     // this version
     const plugin_version = '2.1.0';
+    const plugin_version = '2.1.1';
     // the widget class name

swfput/tags/2.1.1/version.sh

r906349	r907523
3	3	VMAJOR=2
4	4	VMINOR=1
5		RMAJOR=0
	5	RMAJOR=1
6	6	RMINOR=0
7	7

swfput/trunk/Makefile

r906349	r907523
2	2	# License: GNU GPLv3 (see http://www.gnu.org/licenses/gpl-3.0.html)
3	3
4		PRJVERS = 2.1.0
	4	PRJVERS = 2.1.1
5	5	PRJSTEM = swfput
6	6	PRJNAME = $(PRJSTEM)-$(PRJVERS)

swfput/trunk/README.html

r906349	r907523
1	1	<!-- Creator : groff version 1.21 -->
2		<!-- CreationDate: ~~Thu May 1 11:21:32~~ 2014 -->
	2	<!-- CreationDate: Sat May 3 16:48:11 2014 -->
3	3	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
4	4	"http://www.w3.org/TR/html4/loose.dtd">

swfput/trunk/js/editor_plugin.js

-                      r906349
+                      r907523
                 'width' : w,
                 'height' : h,
+                'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
+                // Argh!: Chromium 3.4 breaks with the sandbox attr.,
+                // refusing to run scipts in the iframe. Up to 3.3
+                // it was OK. Web search shows that chromium devs
+                // have been dithering about this for some time.
+                // IAC, source is never cross-origin or in any way
+                // unknown. Removed.
+                //'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
                 //'allowfullscreen' : '',
                 //'seamless' : '',

swfput/trunk/js/editor_plugin.min.js

r906349	r907523
30	30	var d=ev.clipboardData\|\|dom.doc.dataTransfer;if(!d){return true;}
31	31	var tx=tinymce.isIE?'Text':'text/plain';var rep=SWFPut_repl_nl(d.getData(tx));setTimeout(function(){ed.execCommand('mceInsertContent',false,rep);},1);ev.preventDefault();return tinymce.dom.Event.cancel(ev);});ed.SWFPut_Set_code=function(content){return parseShortcode(content);};ed.SWFPut_Get_code=function(content){return getShortcode(content);};var sc_map={};var newkey=function(){var r;do{r=''+parseInt(32768*Math.random()+16384);}while(r in sc_map);sc_map[r]={};return r;};var from_pseudo=function(node){if(!node)return node;var w,h,s,id,cl,rep=false;w=node.attr('width');h=node.attr('height');s=node.attr('src');cl=node.attr('class')\|\|'';id=node.attr('id')\|\|'';var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in sc_map&&sc_map[k].node){rep=sc_map[k].node;}}
32		if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'s~~andbox':"allow-same-origin allow-pointer-lock allow-scripts",'s~~rc':s});if(k&&k in sc_map){sc_map[k].node=rep;}}
	32	if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'src':s});if(k&&k in sc_map){sc_map[k].node=rep;}}
33	33	node.replace(rep);return node;};var to_pseudo=function(node,name){if(!node)return node;var w,h,s,id,cl,rep=false;id=node.attr('id')\|\|'';cl=node.attr('class')\|\|'';if(cl.indexOf('evh-pseudo')<0){return;}
34	34	w=node.attr('width');h=node.attr('height');s=node.attr('src');var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in sc_map&&sc_map[k].pnode){rep=sc_map[k].pnode;}}

swfput/trunk/js/editor_plugin3x.js

-                      r906349
+                      r907523
                     'width' : w,
                     'height' : h,
+                    'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
+                // Argh!: Chromium 3.4 breaks with the sandbox attr.,
+                // refusing to run scipts in the iframe. Up to 3.3
+                // it was OK. Web search shows that chromium devs
+                // have been dithering about this for some time.
+                // IAC, source is never cross-origin or in any way
+                // unknown. Removed.
+                    //'sandbox' : "allow-same-origin allow-pointer-lock allow-scripts",
                     //'allowfullscreen' : '',
                     //'seamless' : '',

swfput/trunk/js/editor_plugin3x.min.js

r906349	r907523
33	33	var tx=tinymce.isIE?'Text':'text/plain';var rep=SWFPut_repl_nl(d.getData(tx));setTimeout(function(){ed.execCommand('mceInsertContent',false,rep);},1);ev.preventDefault();return tinymce.dom.Event.cancel(ev);});ed.SWFPut_Set_code=function(content){return t._do_shcode(content);};ed.SWFPut_Get_code=function(content){return t._get_shcode(content);};},sc_map:{},newkey:function(){var r;do{r=''+parseInt(32768*Math.random()+16384);}while(r in this.sc_map);this.sc_map[r]={};return r;},from_pseudo:function(node,name){if(!node){return node;}
34	34	var t=this;var w,h,s,id,cl,rep=false;w=node.attr('width');h=node.attr('height');s=node.attr('src');cl=node.attr('class')\|\|'';id=node.attr('id')\|\|'';var k=(id!=='')?(id.split('-'))[1]:false;if(k){if(k in t.sc_map&&t.sc_map[k].node){rep=t.sc_map[k].node;}}
35		if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'s~~andbox':"allow-same-origin allow-pointer-lock allow-scripts",'s~~rc':s});if(k&&k in t.sc_map){t.sc_map[k].node=rep;}}
	35	if(!rep){rep=new Node('iframe',1);rep.attr({'id':id,'class':cl.indexOf('evh-pseudo')>=0?cl:(cl+' evh-pseudo'),'width':w,'height':h,'src':s});if(k&&k in t.sc_map){t.sc_map[k].node=rep;}}
36	36	node.replace(rep);return node;},to_pseudo:function(node,name){if(!node){return node;}
37	37	var t=this;var w,h,s,id,cl,rep=false;id=node.attr('id')\|\|'';cl=node.attr('class')\|\|'';if(cl.indexOf('evh-pseudo')<0){return;}

swfput/trunk/locale/swfput_l10n-en_US.po

-                      r906349
+                      r907523
 # swfput 2.1.0 Pot Source
+# swfput 2.1.1 Pot Source
 # Copyright (C) 2013 Ed Hynan
 # This file is distributed under the same license as the swfput package.
 …
 msgid ""
 msgstr ""
 "Project-Id-Version: swfput 2.1.0\n"
+"Project-Id-Version: swfput 2.1.1\n"
 "Report-Msgid-Bugs-To: edhynan@gmail.com\n"
 "POT-Creation-Date: 2014-04-30 19:57-0400\n"
 "PO-Revision-Date: 2014-04-30 19:57 EDT\n"
+"POT-Creation-Date: 2014-05-03 16:48-0400\n"
+"PO-Revision-Date: 2014-05-03 16:48 EDT\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

swfput/trunk/locale/swfput_l10n.pot

-                      r906349
+                      r907523
 # swfput 2.1.0 Pot Source
+# swfput 2.1.1 Pot Source
 # Copyright (C) 2013 Ed Hynan
 # This file is distributed under the same license as the swfput package.
 …
 msgid ""
 msgstr ""
 "Project-Id-Version: swfput 2.1.0\n"
+"Project-Id-Version: swfput 2.1.1\n"
 "Report-Msgid-Bugs-To: edhynan@gmail.com\n"
 "POT-Creation-Date: 2014-04-30 19:57-0400\n"
+"POT-Creation-Date: 2014-05-03 16:48-0400\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"

swfput/trunk/readme.txt

-                      r906349
+                      r907523
 Requires at least: 3.0.2
 Tested up to: 3.9
 Stable tag: 2.1
+Stable tag: 2.1.1
 Text Domain: swfput_l10n
 License: GPLv3 or later
 …
 == Changelog ==
+= 2.1.1 =
+* This release is called "Sigh" and its only change is a
+    workaround for a chromium 3.4 bug -- not on the front end, but
+    in the Visual editor plugin. You want details, you say? OK:
+    this plugin's video in the tinymce visual editor is housed
+    in an iframe element. The iframe was given, *for principle only*,
+    a sandbox attribute (with the "allow-scripts" argument), even
+    thought the content is generated by a plugin script and is a
+    known quantity. This worked in the major browsers including the
+    Chromium 22 and 3.[123] tested with, but Chromium 3.4 would
+    no longer run scripts in the iframe. Persons-of-curiosity may
+    web search 'chromium iframe scripts' and see at a glance that
+    Chromium has dithered on this subject. Bottom line: the sandbox
+    attribute is removed. Apologies for this release so soon after
+.1 a few days ago.
 = 2.1 =
 …
 == Upgrade Notice ==
+= 2.1.1 =
+* Chromium 3,4 broken iframe handling will not run scripts
+    with attribute sandbox="allowScripts", so sanbox is removed.
+    Do web search 'Chromium iframe scripts' to see Chromium dither.
 = 2.1 =
 * Several small bug fixes and improvements.

swfput/trunk/swfput.php

-                      r906349
+                      r907523
 Plugin URI: http://agalena.nfshost.com/b1/?page_id=46
 Description: Add Flash and HTML5 video to WordPress posts, pages, and widgets, from arbitrary URI's or media library ID's or files in your media upload directory tree (including uploads not in the WordPress media library).
 Version: 2.1
+Version: 2.1.1
 Author: Ed Hynan
 Author URI: http://agalena.nfshost.com/b1/
 …
     // this version
     const plugin_version = '2.1.0';
+    const plugin_version = '2.1.1';
     // the widget class name

swfput/trunk/version.sh

r906349	r907523
3	3	VMAJOR=2
4	4	VMINOR=1
5		RMAJOR=0
	5	RMAJOR=1
6	6	RMINOR=0
7	7

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory