- Version
- Download 42
- File Size 0.00 KB
- File Count 1
- Create Date October 26, 2023
- Last Updated May 29, 2024
Advanced iFrame Pro v2024.4
Changelog
2024.4
- New: Tested with WordPress 6.5.3
- Fix: When using arrays in the parameters was causing an error. If this is now the case no optimization of placeholders are done anymore.
- Security fix: Added additional filters to some Javascript parameters to increase security.
2024.3
- Security fix: The filter attribute method now filters shortcode attributes which are parsed wrong by WordPress if the user does not have the unfiltered_html permission.
- Security fix: #x28 and #x29 are filtered if the user does not have the unfiltered_html permission.
2024.0
- Security fix: The include_html attribute are now only allowed to be used if you have the permission “unfiltered_html”, that you need in WordPress to use iframes. If you do not have this permission, during save the attribute is removed and an error message is shown.
- Security fix: All shortcode attributes have now input sanitation to avoid Stored Cross-Site Scripting at save if you do not have the permission “unfiltered_html”! This happens in the normal editor and also in the Gutenberg block! Please get the unfiltered_html permission if you get an error message while you want to use ‘();= or a space in attributes. This sanitation is very general and does not allow all possible things you can do with advanced iframe. As 99.9% of the users who add an iframe are editors or above this should affect almost no one directly and it makes the plugin more secure.
- Security fix: ” inside advanced iframe shortcode attributes is not allowed anymore to avoid XSS attacks.
- Security fix: Additional output filtering of short code attributes directly used in HTML or Javascript to avoid XSS attacks. This is done for ALL roles!
- New: The scroll to top in the external workaround is now also supporting the “touched” event next to the “click” event.
- New: The documentation was improved for scroll to top as the external workaround is also supporting “iframe” if “Scrolls the parent window/iframe to the top” is set to iframe.
2023.10
- New: Support for Partitioned; See https://developer.chrome.com/docs/privacy-sandbox/third-party-cookie-phase-out/ for details. All places where SameSite=None is set also Partitioned; is added now.
- Fix: When saving the administration the detection of modified ai.min.js could cause a file_exists too long error with a lot of text shown. A wrong variaentation ble was used here which is fixed now. Now also the detection works that ai.min.js is regenerated again and again.
2023.9
- Security fix: The onload and custom attributes are now only allowed to be used if you have the permission “unfiltered_html”, that you need in WordPress to use iframes. If you do not have this permission, during save the attributes are removed and an error message is shown.