Advanced iFrame Pro v2024.4

[featured_image]
Download
Download is available until [expire_date]
  • Version
  • Download 34
  • File Size 0.00 KB
  • File Count 1
  • Create Date October 26, 2023
  • Last Updated May 29, 2024

Advanced iFrame Pro v2024.4

Changelog

2024.4

  • New: Tested with WordPress 6.5.3
  • Fix: When using arrays in the parameters was causing an error. If this is now the case no optimization of placeholders are done anymore.
  • Security fix: Added additional filters to some Javascript parameters to increase security.

2024.3

  • Security fix: The filter attribute method now filters shortcode attributes which are parsed wrong by WordPress if the user does not have the unfiltered_html permission.
  • Security fix: #x28 and #x29 are filtered if the user does not have the unfiltered_html permission.

2024.0

  • Security fix: The include_html attribute are now only allowed to be used if you have the permission “unfiltered_html”, that you need in WordPress to use iframes. If you do not have this permission, during save the attribute is removed and an error message is shown.
  • Security fix: All shortcode attributes have now input sanitation to avoid Stored Cross-Site Scripting at save if you do not have the permission “unfiltered_html”! This happens in the normal editor and also in the Gutenberg block! Please get the unfiltered_html permission if you get an error message while you want to use ‘();= or a space in attributes. This sanitation is very general and does not allow all possible things you can do with advanced iframe. As 99.9% of the users who add an iframe are editors or above this should affect almost no one directly and it makes the plugin more secure.
  • Security fix: ” inside advanced iframe shortcode attributes is not allowed anymore to avoid XSS attacks.
  • Security fix: Additional output filtering of short code attributes directly used in HTML or Javascript to avoid XSS attacks. This is done for ALL roles!
  • New: The scroll to top in the external workaround is now also supporting the “touched” event next to the “click” event.
  • New: The documentation was improved for scroll to top as the external workaround is also supporting “iframe” if “Scrolls the parent window/iframe to the top” is set to iframe.

2023.10

  • New: Support for Partitioned; See https://developer.chrome.com/docs/privacy-sandbox/third-party-cookie-phase-out/ for details. All places where SameSite=None is set also Partitioned; is added now.
  • Fix: When saving the administration the detection of modified ai.min.js could cause a file_exists too long error with a lot of text shown. A wrong variaentation ble was used here which is fixed now. Now also the detection works that ai.min.js is regenerated again and again.

2023.9

  • Security fix: The onload and custom attributes are now only allowed to be used if you have the permission “unfiltered_html”, that you need in WordPress to use iframes. If you do not have this permission, during save the attributes are removed and an error message is shown.