WordPress · westonruter · Feb 6, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 6, 2025
@@ -127,6 +127,10 @@ function od_compose_site_health_result( $response ): array {
 		$message = wp_remote_retrieve_response_message( $response );
 		$body    = wp_remote_retrieve_body( $response );
 		$data    = json_decode( $body, true );
+		$header  = wp_remote_retrieve_header( $response, 'content-type' );
+		if ( is_array( $header ) ) {
+			$header = array_pop( $header );
+		}
 
 		$is_expected = (
 			400 === $code &&
@@ -156,7 +160,16 @@ function od_compose_site_health_result( $response ): array {
 				$result['description'] .= '<blockquote>' . esc_html( $data['message'] ) . '</blockquote>';
 			}
 
-			$result['description'] .= '<details><summary>' . esc_html__( 'Raw response:', 'optimization-detective' ) . '</summary><pre style="white-space: pre-wrap">' . esc_html( $body ) . '</pre></details>';
+			if ( '' !== $body ) {
+				$result['description'] .= '<details><summary>' . esc_html__( 'Raw response:', 'optimization-detective' ) . '</summary>';
+
+				if ( is_string( $header ) && str_contains( $header, 'html' ) ) {
+					$escaped_content        = htmlspecialchars( $body, ENT_QUOTES, 'UTF-8' );
+					$result['description'] .= '<iframe srcdoc="' . $escaped_content . '" sandbox width="100%" height="300"></iframe></details>';
+				} else {
+					$result['description'] .= '<pre style="white-space: pre-wrap">' . esc_html( $body ) . '</pre></details>';
+				}
+			}
 		}
 	}
 	return $result;
@@ -238,14 +251,24 @@ function od_maybe_render_rest_api_health_check_admin_notice( bool $in_plugin_row
 		$message = "<details>$message</details>";
 	}
 
-	wp_admin_notice(
+	$notice = wp_get_admin_notice(
 		$message,
 		array(
 			'type'               => 'warning',
 			'additional_classes' => $in_plugin_row ? array( 'inline', 'notice-alt' ) : array(),
 			'paragraph_wrap'     => false,
 		)
 	);
+
+	echo wp_kses(
+		$notice,
+		array_merge(
+			wp_kses_allowed_html( 'post' ),
+			array(
+				'iframe' => array_fill_keys( array( 'srcdoc', 'sandbox', 'width', 'height' ), true ),
+			)
+		)
+	);
 }
 
 /**

@@ -120,12 +120,33 @@ public function data_provider_test_rest_api_availability(): array {
 						'code'    => 403,
 						'message' => 'Forbidden',
 					),
+					'headers'  => array(
+						'content-type' => 'text/html',
+					),
 					'body'     => "<html>\n<head><title>403 Forbidden</title></head>\n<body>\n<center><h1>403 Forbidden</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>",
 				),
 				'expected_option'      => '1',
 				'expected_status'      => 'recommended',
 				'expected_unavailable' => true,
 			),
+			'other_forbidden' => array(
+				'mocked_response'      => array(
+					'response' => array(
+						'code'    => 403,
+						'message' => 'Forbidden',
+					),
+					'headers'  => array(
+						'content-type' => array(
+							'text/html; charset=utf-8',
+							'application/xhtml+xml',
+						),
+					),
+					'body'     => '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don\'t have permission to access this resource.</p></body></html>',
+				),
+				'expected_option'      => '1',
+				'expected_status'      => 'recommended',
+				'expected_unavailable' => true,
+			),
 			'error'           => array(
 				'mocked_response'      => new WP_Error( 'bad', 'Something terrible has happened' ),
 				'expected_option'      => '1',
@@ -151,6 +172,10 @@ public function test_rest_api_availability( $mocked_response, string $expected_o
 		$this->filter_rest_api_response( $mocked_response );
 
 		$result = od_test_rest_api_availability();
+		if ( 'nginx_forbidden' === $this->dataName() ) {
+			$notice = get_echo( 'od_render_rest_api_health_check_admin_notice_in_plugin_row', array( 'optimization-detective/load.php' ) );
+			$this->assertStringContainsString( '</iframe>', $notice );
+		}
 		$this->assertArrayHasKey( 'label', $result );
 		$this->assertArrayHasKey( 'status', $result );
 		$this->assertArrayHasKey( 'badge', $result );