'iframe', // 'iframe' or 'proxy' 'width' => '100%', // iframe width 'height' => '800', // iframe height in px 'cache_minutes' => 60, // used only by proxy mode 'url' => 'https://alumni.lpu.in/search?searchparams=%7B%22authenticated_only%22:true%7D', ), $atts, 'lpu_alumni_embed' ); $mode = $atts['mode']; $url = esc_url_raw( $atts['url'] ); if ( 'proxy' === $mode ) { return lpu_alumni_proxy_output( $url, intval( $atts['cache_minutes'] ) ); } // Default: iframe embed $width = esc_attr( $atts['width'] ); $height = intval( $atts['height'] ); // Make responsive container to allow 100% width if requested ob_start(); ?> 20, 'headers' => array( 'Accept' => 'text/html,application/xhtml+xml', 'User-Agent' => 'WordPress/' . get_bloginfo( 'version' ) . '; ' . home_url() ), ) ); if ( is_wp_error( $response ) ) { return ''; } $code = wp_remote_retrieve_response_code( $response ); $body = wp_remote_retrieve_body( $response ); if ( 200 !== intval( $code ) || empty( $body ) ) { return ''; } // Basic sanitization: strip $html = preg_replace( '#(.*?)#is', '', $html ); // Remove inline event handlers like onclick=, onload= etc. $html = preg_replace( '/(<[a-z][^>]*?)\s+on\w+\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s>]+)/i', '$1', $html ); // Remove #is', '', $html ); // Optionally remove forms that post back to remote host (if you want) // $html = preg_replace('#(.*?)#is', '', $html); // Remove tags to prevent automatic redirects $html = preg_replace( '#]+http-equiv=["\']?refresh["\']?[^>]*>#i', '', $html ); // If desired, further sanitize using wp_kses — here we'll allow a fairly wide set of tags but strip dangerous attributes $allowed_tags = wp_kses_allowed_html( 'post' ); // Remove 'style' attribute from allowed tags to avoid CSS injections (optional) foreach ( $allowed_tags as $tag => &$attrs ) { if ( isset( $attrs['style'] ) ) { unset( $attrs['style'] ); } } $clean = wp_kses( $html, $allowed_tags ); // Wrap in a container so we can style/size inside WP page. $wrapped = '

' . $clean . '

'; return $wrapped; }