iFrames Being Stripped out

  • Resolved SooBahkDo

    (@soobahkdo)


    12 years, 1 month ago

    Hello,

    Perhaps I am missing a setting, but isn’t there a way to prevent iframes from being stripped out on save?

    We have the multisite license for PRO, but users began complaining as soon as we rolled it out replacing TinyMCE Advanced because they are now unable to paste iframe videos into their posts, etc.

    I looked through settings, but must be missing something to make this behave properly.

    Please advise.

    Thanks!
    Phil D

    https://www.ads-software.com/extend/plugins/ultimate-tinymce/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Josh

    (@josh401)

    Hi Phil,

    Well, I would use the “Insert Media” button to insert the iFrame into the post content.

    Once you click the “Insert Media” button in the editor… a popup window will appear. There is a dropdown which will let you select the source of the media… one of them being iFrame.

    However, this button basically inserts the iFrame into the HTML source the same way as if you were to type it out by hand. So, if it’s being stripped out… it’s possible there is something else going on.

    Try my method above.. and if it still strips it out, let me know and we can progress from there.

    Thread Starter SooBahkDo

    (@soobahkdo)

    Hi Josh,

    Let me clarify that its the default WordPress stripping (from what I have read) that occurs on a Multisite Installation for all users but the Network Super Admin which I am seeking to modify. https://codex.www.ads-software.com/Roles_and_Capabilities
    https://www.ads-software.com/extend/plugins/filtered-html-for-editors/faq/

    I am seeking to give administrators and authors on each subsite the ability to embed iframes. Or I would create a special role with a role manger plugin and assign that role to all approved users but that seems a bit labor intensive.

    Typical solutions suggested are the two year old plugin “Unfiltered MU” (which many report ceased working at 3.0), and an old unsupported WPMUDEV plugin called Additional Tags that let site owners define additional tags users could use in HTML markup. https://premium.wpmudev.org/forums/topic/additional-tags-plugin

    Also hacking the kses was suggested (but highly advised against) and then of course there are all the plugins that use oEmbed to insert videos from trusted sources, toolbar button like those on your plugin and adding additional trusted oEmbed sources to functions.php.

    Adding additional trusted sources could cover some instances but not all and the modified file would get overwritten with a WP upgrade, sooooooo
    https://codex.www.ads-software.com/Embeds

    Our WP Network is semi-private and users are verified, so I am interested in allowing users of a trusted role to embed unfiltered HTML (specifically iframe content) from whatever source they want.

    I grasp the security issues involved and I would think that a TinyMCE editor plugin or a dedicated special plugin would exist to manage this.

    The goal is simple, – on a WP Multisite installation with trusted users, grant selected user roles (primarily subsite admins) the ability in the editor to embed unfiltered HTML so that switching between visual and HTML in the editor does not strip out iframes, etc.

    Is this a pipe dream?

    Thanks!
    Phil D

    Thread Starter SooBahkDo

    (@soobahkdo)

    Hi Josh,

    I received the following input on the WPMUDEV forum:

    ****************
    Greetings Phil D,

    Thank you for the great additional input, it is very helpful and clarifying to include routes you have already considered.

    As we know by default WordPress editor does not allow html tags to include iframes which will be stripped out by the editor.

    The code below will force the editor to accept more tags. Just paste it into your theme functions.php file, save it, and you’re done.

    function fb_change_mce_options($initArray) {
    $ext = ‘pre[id|name|class|style],iframe[align|longdesc| name|width|height|frameborder|scrolling|marginheight| marginwidth|src]’;

    if ( isset( $initArray[‘extended_valid_elements’] ) ) {
    $initArray[‘extended_valid_elements’] .= ‘,’ . $ext;
    } else {
    $initArray[‘extended_valid_elements’] = $ext;
    }

    return $initArray;
    }
    add_filter(‘tiny_mce_before_init’, ‘fb_change_mce_options’);
    Or for even more advanced tag allowance:

    function fb_change_mce_options($initArray) {
    // Comma separated string od extendes tags
    // Command separated string of extended elements
    $ext = ‘pre[id|name|class|style],iframe[align|longdesc|name|width|height|frameborder|scrolling|marginheight|marginwidth|src]’;
    if ( isset( $initArray[‘extended_valid_elements’] ) ) {
    $initArray[‘extended_valid_elements’] .= ‘,’ . $ext;
    } else {
    $initArray[‘extended_valid_elements’] = $ext;
    }
    // maybe; set tiny paramter verify_html
    //$initArray[‘verify_html’] = false;
    return $initArray;
    }
    add_filter(‘tiny_mce_before_init’, ‘fb_change_mce_options’);

    Please advise if this indeed does the job for us.

    *************

    I replied as follows:

    Thanks very much for the reply.

    Is it possible to incorporate such code in a plugin.

    The problem with manual modifications to theme function files WP Multisite is we have over 300 themes and manual edits will get overwritten with updates.

    Can the functionality of the code you provided be incorporated in a plugin?

    Such a plugin might then be a premium feature on ProSites and/or activated site by site for only trusted users on a WP network.

    I though this functionality was what Additional Tags plugin provided and am not sure why it was abandoned. Perhaps someone could provide a copy of it unless it is known to be broken at WP3.4.2.

    ************

    So Josh, is this feasible from your perspective and/or as a possible feature related to Ultimate TinyMCE?

    Thanks,
    Phil D

    Plugin Author Josh

    (@josh401)

    Okay, Phil.

    Go ahead and use my contact form to send me a personal message. In this message, please include an admin level login to your WP installation.

    Also, please set me up another user account with the permissions set to a lower lever… where the iFrame is being stripped out.

    Lastly, please include all relevant login urls.

    We will get this working properly!

    Oh, here is the link to my contact form:
    https://joshlobe.com/contact-me/

    I am interested in this as well… Our multi-site install also used the Additional Tags plugin in order to allow our blog admins to use code that WP strips out.

    Now only the SuperAdmin can add this kind of code (the plugin no longer works on all code).

    I would like to offer this ability to trusted users, if possible.

    Any updates on a solution that doesn’t involve manually editing every theme?

    Plugin Author Josh

    (@josh401)

    Hello,

    I don’t recall ever hearing back from “SooBahkDo”… although it’s certainly possible ??

    But, after looking at his code suggestion… I’m thinking this can be done from a plugin.

    Please use my contact form mentioned in my last comment above to send a message. Please also include the relevant info in your message so I know where it originated.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘iFrames Being Stripped out’ is closed to new replies.