HTML Fields Replacing or Removing Code Entered and Breaking

  • Resolved FAOU

    (@faou)


    3 months, 2 weeks ago

    I was trying to do something very similar to what is described in the Forminator documentation about pre-population. In one instance, I was trying to put an iframe in an HTML field before the form was submitted, but the HTML field keeps removing the HTML.

    In another instance, I am trying to have some HTML (a div and script tag) be presented after the form is submitted, but there are two bugs with Forminator making it impossible: (1) The ampersand (&) in a URI keeps getting replaced by & which breaks the whole thing. This was mentioned in a number of Forminator support threads. They were closed as resolved saying it would be fixed with an update, but the updates have not fixed it. (2) Any script I add to an HTML field is removed by Forminator upon saving. I am trying to use Forminator to gather info and conditionally pass some info via URI parameters to another service. I want it to act as a wall to not show this content except upon submission, but I cannot get Forminator to show this content. I really love Forminator and recommend it all the time, but Forminator is making this basic outcome impossible.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @faou

    I hope you are doing well today.

    When it comes to iframe and scripts, Forminator by default removes those tags due to security reasons. However, you can use this code as a mu-plugin:

    <?php 

    if ( ! function_exists( 'wpmudev_forminator_enable_iframe' ) ) {
        function wpmudev_forminator_enable_iframe() {
            $form_exists = has_shortcode( get_the_content(), 'forminator_form' );
            if ( $form_exists ) {
                ?>
                <script type="text/javascript">
                (($, d) => {
                    $(d).ready(function() {
                        $("#forminator-module-1609 #html-1").html('<iframe src="URL"width="100%" height="800" frameBorder="0">');
                    });
                })(jQuery, document);
                </script>
                <?php
            }
        }
        add_action( 'wp_footer', 'wpmudev_forminator_enable_iframe', 9999 );
    }

    Please note, that you should update the form ID (1609) and HTML-1 to your html field. Also, replace the URL with the correct one.

    Please find more details here about how to add mu-plugin:?https://wpmudev.com/docs/using-wordpress/installing-wordpress-plugins/#installing-mu-plugins

    As for ampersand issue can you try this updated code:

    <?php

    add_filter( 'forminator_form_submit_response', 'wpmudev_fix_response_url_redirect', 20, 2 );
    add_filter( 'forminator_form_ajax_submit_response', 'wpmudev_fix_response_url_redirect', 20, 2 );
    function wpmudev_fix_response_url_redirect( $response, $form_id ) {
    	if ( $form_id != 6 ) {
    		return $response;
    	}

    	if ( ! empty( $response['url'] ) ) {
            $response['url'] = urldecode($response['url']);
            $response['url'] = str_replace('#038;', '&', $response['url']);
    	}

    	return $response;
    }

    Kind Regards,
    Kris

    Thread Starter FAOU

    (@faou)

    Thank you for your quick response! Grateful for your help!

    You said that Forminator disables scripts and iframes due to security concerns. What are those concerns? I do not want to compromise our site or any others we work on, but I do not understand how allowing the creator of the form to put in scripts and iframes in the HTML fields (or HTML shown after the form submission) compromises a site’s security. I want to understand before using your code. Also, does Forminator have any plans to enable this in a future update?

    Upon further research, I now think the ampersand being replaced with &amp; is not an issue. Somehow, while learning HTML, I never learned ampersands were supposed to be escaped in attributes. I don’t even usually see HTML written like that. Apologies for my mistake.

    Plugin Support Laura – WPMU DEV Support

    (@wpmudevsupport3)

    Hi @faou,

    Hope this message finds you well.

    Is not only Forminator text editor, <iframe> tag is also removed by WordPress, this is due to malware injections usually use this tag.

    The code provided by our devs is secure to use, you should not enable any security breach on your site.

    When it comes to Forminator text editor, no, our team will not allow <iframe> tags in the future.

    Let us know if you require additional assistance.

    Best regards,
    Laura

    Plugin Support Dmytro – WPMU DEV Support

    (@wpmudevsupport16)

    Hello @faou 00kevin,

    I hope we were able to address your query.

    As we haven’t heard back from you for some time, I’ll be marking this topic as resolved for now. Please feel free to reply in case you have further questions.

    Best Regards,
    Dmytro

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.