Testing slib 'scriptify' and friends

1.0John's bloghttps://blog.jj5.net/blogJay Jayhttps://blog.jj5.net/blog/author/jj5/Testing slib 'scriptify' and friends — John's blogrich600338<blockquote class="wp-embedded-content" data-secret="RHXiaks7b2"><a href="https://blog.jj5.net/blog/2011/12/24/testing-slib-scriptify-and-friends/">Testing slib ‘scriptify’ and friends</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://blog.jj5.net/blog/2011/12/24/testing-slib-scriptify-and-friends/embed/#?secret=RHXiaks7b2" width="600" height="338" title="“Testing slib ‘scriptify’ and friends” — John's blog" data-secret="RHXiaks7b2" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://d3tdk46fcdgbgu.cloudfront.net/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> I’ve written a few little functions to help me sanitise content before including it in automatically generated JavaScript. The idea is to prevent code injection. You can see the tests for my function in the scriptify_test.php file on ProgClub Member … Continue reading →