Content Mask

Example: If you built a landing page on landing-page-builder.com/your-landing-page/, you can simply create a new Page on your website at your-site.com/landing-page/ and paste in the URL of your landing page. The Content Mask plugin will then download and cache of copy of your landing page directly on your website, so any visitors that come to your-site.com/landing-page/ will see the landing page you built. This allows you to keep all of your links integrated into your WordPress Website.

1. Just enable the Content Mask on any Page, Post, or Custom Post type by clicking on the check mark.
2. Then put in the URL that contains the content you want to embed.

• Using the Download method (default) will fetch the content from the Content Mask URL, cache it on your website, and replace the current page request with that content. By default, this cache lasts 4 hours - but it can be changed anywhere from "Never Cache" all the way up to "Cache for 4 Weeks". Caching prevents the need for additional requests that slow down your site.
• Using the Iframe method will replace the current page request with a full width/height, frameless iframe containing the host URL. This method is ideal if the URL you want to embed won't serve scripts, styles, or images to other URLs or IP Addresses. If you use the Download Method, and links or images look broken, you can try the Iframe method instead.
• Using the Redirect (301) method will simply redirect the visitor to the host URL.

• [Views] shows how many times that Content Mask page has been viewed by anybody (even logged in users)
• [Non-User] shows how many times it's been viewed by visitors that are not logged in to the website.
• [Unique] shows how many times it's been viewed by unique IP addresses. Note: IP addresses are one-way hashed and are not identifiable in any way.

• Do NOT use Content Mask on any content you aren't explicitly authorized to share or use. Please confirm you're allowed to utilize and embed the content before embedding any particular URL.
• Content embedded using the Download method is cached using the WordPress Transients API for 4 hours by default. If the content on the external URL is updated and you would like a fresh copy, you may just click the "Update" button on the Page, Post, or Custom Post Type to refresh the transient, or click the "Refresh" link in the Content Mask Admin panel. You may also change the cache expiration timer per page anywhere from "Never" to "4 weeks".
• You may use the Transients Manager plugin to manage transients stored with the Download method. All Content Mask related transients contain the prefix "content_mask-" plus a stripped version of the Content Mask URL, such as "content_mask-httpxhynkcom".
• ‡ Your site may be prevented from processing page requests for any reason; Reasons include, but are not limited to: masking unauthorized content, at the request of the masked URL site owner, masking hateful content, masking illegal content, circumventing IP bans, etc. A dual one-way encrypted hash of your masking URL may be used to check for infraction. No identifying information will be used for this check, and no information is saved other than as a transient to prevent unnecessary duplicate checks per site

1. Upload the content-mask folder to your /wp-content/plugins/ directory.
2. Activate the "Content Mask" plugin.

1. Edit (or Add) a Page, Post, or Custom Post Type.
2. Underneath the page editor, find the "Content Mask Settings" metabox.
3. Click the Checkmark on the left to enable Content Mask.
4. Paste a URL in the Content Mask URL field.
5. Choose a method: Download, Iframe, or Redirect (301).
6. Update (or Publish) the Page, Post or Custom Post Type.
7. That's all! When a user visits that Page, Post or Custom Post Type, they will instead see the content from the URL you have put in the Content Mask URL field.

• Fix titles on iframe pages with some themes

• Fix null-coalescing operator for PHP 7.3 in admin panel

• Minor CSS Fixes for Columns
• Allow custom "Go Back

• fix for non-slashed relative urls in Download method

• adjust kses for SVGs and output

• Fix count in unique views

• allow more in kses

• Allow 'id' attribute in style and script tags for kses

• More pragmatic approach to wp_kses for scripts, styles, and HTML elements in single script areas and universal script areas
• Fixed Universal CSS in iframe and download

• Adjust wp_kses to allow script src

• Fixed individual footer scripts not being parsed and displayed

• Fixed missed/broken escapes and entity decoding for some header/footer sections

• Fixed missed SE/EL/AV mantra
• Added kses to some outputs

• Additional early sanitization
• additional late escaping in iframe output

• Additional Sanitization and Escaping
• Fixed accidental var_dump
• Adjusted script field display

• Added much more escaping and sanitization where required. Attributes, URLs, and bare HTML are escaped.
• Added individual function nonces for additional security, no longer reliant on a single nonce.
• Changed most concatenation to formatted strings for clarity and ease of escaping.

• Added WP Nonce Validation to all AJAX requests
• Checked user permissions/caps where necessary
• Patched security vulnerability where authenticated users could modify non-content mask options

• Add "Footer Scripts" section for Download and Iframe method
• Fix minor script access issue

• Fix PHP notice from smoke test for post_type_XYZ_checked dynamic variable

• Adjust single post type metabox to better illustrate Mask state
• Additional CSS to handle screen sizes better

• Prevent Content Mask save_meta function from running on post types that aren't considered "public", also hid meta box

• Fixed an issue with headers being sent and an error showing in the customizer

• Fixed an issue where Content Mask admin styles were being applied to other elements on the edit.php admin base screen.

• Modified IFL check
• Added Post Types to "Hide Content Mask From" list. Removes meta box and all active page processing for specificed post type(s).

• In some instances, roles aren't set when checked. Forced to array or skip in all cases.

• Replace deprecated functions

• Added "Content Mask Role" permissions. All roles enabled by default. Users with "manage_options" capability can disable Content Masking admin page/metabox for each role.
• Require "manage_options" capability to modify content mask options or scripts/styles settings

• Minor updates to IFL Request check, fix two further undefined index warnings on iframe specific requests

• Check infractions list, fix PHP string/array comparison warning in metabox.

• Fix in_array errors in metabox

• Fixed two inconsequential PHP notices

• Updated jQuery.load call to jQuery.on('load')

• Added an option "Return Link" to allow users to go back to their previous page.

• Accidentally left in diagnostic code in "condition permissions", this has been removed.

• Fixed scripts and styles saving in the admin
• Added condition permissions

• Allow use of standard wp_head() in iframes

• Minor fixes from 1.8.1

• Patched some minor security vulnerabilities exposed by PHP Grinder
• Allow Role-Based Content Mask Permission Locking.
• Added Support-based Iframe Query-Parameter Overrides

• Allow variants of 'localhost' in the Content Mask URL

• Allow passing of URL parameters to iframe
• update baked in version

• Updated Chrome User Agent String for HTTP Headers option

• Fixed displaying visitor tracking columns in admin panel

• Compatibility for WordPress 5.4 confirmed
• Fixed an issue where the Refresh Transient option wasn't working properly
• Made find/replace functions in the download method more reliable.
• Added content generator meta tag in the tag on the download method.

• Fixed an issue where Error Reporting was turned on for the entire site after updating

• Introduced a method to easily create new content masks from the Content Mask admin panel.
• Content Mask has partnered with WhirLocal to embed Landing Pages and other content. A link to sign up for a FREE account has been added to the admin panel.