
Enabling iFrames

I need to enable iframes since it appears I am unable to use thread wikis or member summaries. Reference this thread about vanilla supporting wikis - http://vanillaforums.org/discussion/27983/thread-wiki-or-member-summary#latest

I plan to manually just add an iframe to embed a MediaWiki article in the thread if the OP requests it. I'm assuming there is no admin interface to the HTMLawed plug-in since it's hidden. Any details on exactly what files I need to edit would be great.

Comments

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @scottybweyy‌

    AFAIK the only way to do this is to edit the htmLawed plugin.

    Go to the plugin folder and open the file class.htmlawed.plugin.php and edit around line 45 the line that begins

    'elements' =>

    deleting the -iframe entry.

    I'm sure you've informed yourself about the potential risks of allowing iframes.

  • vrijvlinder Papillon-Sauvage MVP

    Have you tried adding iframe to the allowed html elements in the config.php?

    $Configuration['Garden']['Html']['AllowedElements']= "a, abbr, acronym, address, area, audio, b, bdi, bdo, big, blockquote, br, caption, center, cite, code, col, colgroup, dd, del, details, dfn, div, dl, dt, em, figure, figcaption, font, h1, h2, h3, h4, h5, h6, hgroup, hr, i, img, ins, kbd, li, map, mark, menu, meter, ol, p, pre, q, s, samp, small, span, strike, strong, sub, sup, summary, table, tbody, td, tfoot, th, thead, time, tr, tt, u, ul, var, video, wbr,iframe";

  • @whu66 Thank you that worked!

    @vrijvlinder Thank you for your input. I'm not sure if that would have worked or not since I ended up editing the HTMLawed plug-in.

  • @whu66 Can you please elaborate on the potential risks? I am considering enabling iframes.

  • peregrine MVP
    edited September 2014

    @somesh said:
    whu66 Can you please elaborate on the potential risks. I am considering enabling iframes.

    http://resources.infosecinstitute.com/iframe-security-risk/

    the technique is to use a program called google and type the words .... security risks iframe

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • edited September 2014

    I just don't see any other way to meet my requirement unless I use VBulletin, which I don't want to do.

    @peregrine Do you or others do custom work?

    Looking for:

    1. Something similar to Discussion Inserts plug-in. Shall just be a comment editable by anyone. Needs to have permissions for time restrictions defined in the forum>advanced section
    2. Separating discussion and comment editing time restrictions
    3. Something to prevent users from going nuclear and deleting all their posts (e.g. only allow users to delete 5 posts then prevent them and alert mod).
    4. Some other visual tweaks

  • peregrine MVP
    edited September 2014

    @peregrine Do you or others do custom work?

    I do and I have, but I am not taking any projects on right now. Perhaps someone else can help you.
    Best to start a new discussion (seeking developer for hire), detailing specifics and how much you will pay. Developers will flock to you like bees go to honey when they see $$$ :wink:

  • somesh
    edited September 2014

    @peregrine said:
    the technique is to use a program called google and type the words .... security risks iframe

    Hehe. Thank you for giving me Google. It just changed my life!
    Btw, I was thinking whether enabling iframes had particular negative implications with regards to Vanilla per se.

  • Don't do it.

    grep is your friend.

  • @somesh said:
    Btw, I was thinking whether enabling iframes had particular negative implications with regards to Vanilla per se.

    It is bad all-round. Let's put it this way: it is the sort of thing a hacker is trying to do anyway, whether you allow them to do it or not.

  • vrijvlinder Papillon-Sauvage MVP

    @somesh said:
    Btw, I was thinking whether enabling iframes had particular negative implications with regards to Vanilla per se.

    iframes are not the problem, but what they may contain is. You can use iframes for many things as static content. Like the kind to embed a video.

    The problem is that unless you know the source of the iframe you run the risk of people posting malware or redirect people to a malware site.

    People can use it to post a fake form and use html to supplant your real form and they can steal your user data. They can gain access to your sql database.

    They could very well write malicious code on every file of your forum once they gain your user ID or some other form of injecting a script via an iframe.
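
An added example, not part of the thread and not Vanilla or htmLawed code: one way to act on the point above about knowing the source of an iframe is to pass post HTML through a filter that keeps only iframes from an explicit host list. The function name `filterIframes` and the host list are assumptions, and where it would be called in Vanilla is not shown.

```php
<?php
// Added example: not Vanilla or htmLawed code. The host list is an assumed value.
const ALLOWED_IFRAME_HOSTS = ['www.youtube.com', 'player.vimeo.com'];

function filterIframes(string $html, array $hosts = ALLOWED_IFRAME_HOSTS): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate HTML5 tags and sloppy markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>');
    libxml_clear_errors();

    // Copy the live node list first, because iframes are removed while looping.
    foreach (iterator_to_array($doc->getElementsByTagName('iframe')) as $frame) {
        $u = parse_url($frame->getAttribute('src'));
        $ok = is_array($u)
            && strtolower($u['scheme'] ?? '') === 'https'
            && in_array(strtolower($u['host'] ?? ''), $hosts, true)
            && !isset($u['user']) && !isset($u['port']);
        if (!$ok) {
            $frame->parentNode->removeChild($frame);   // unknown source: drop the frame
            continue;
        }
        // Keep only harmless attributes; this drops e.g. allowscriptaccess and on* handlers.
        foreach (iterator_to_array($frame->attributes) as $attr) {
            if (!in_array($attr->nodeName, ['width', 'height', 'allowfullscreen'], true)) {
                $frame->removeAttribute($attr->nodeName);
            }
        }
        // Rebuild src from the parsed parts instead of trusting the raw string.
        $src = 'https://' . strtolower($u['host']) . ($u['path'] ?? '/');
        if (isset($u['query'])) { $src .= '?' . $u['query']; }
        $frame->setAttribute('src', $src);
        // No allow-top-navigation or allow-forms: the frame cannot redirect the
        // forum page or submit forms.
        $frame->setAttribute('sandbox', 'allow-scripts allow-same-origin');
    }

    $out = '';
    foreach ($doc->getElementsByTagName('body')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample post: one embed from an allowed host, one from an unknown host.
$post = '<p>Video:</p><iframe src="https://www.youtube.com/embed/VIDEO_ID" width="425" height="349"'
      . ' allowscriptaccess="always"></iframe><iframe src="http://unknown.example/form.html"></iframe>';
echo filterIframes($post), PHP_EOL;
```

The forum's own host should never be on the list: a same-origin frame that has both allow-scripts and allow-same-origin can remove its own sandbox.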

  • @vrijvlinder said:
    Have you tried adding iframe to the allowed html elements in the config.php?

    $Configuration['Garden']['Html']['AllowedElements']= "a, abbr, acronym, address, area, audio, b, bdi, bdo, big, blockquote, br, caption, center, cite, code, col, colgroup, dd, del, details, dfn, div, dl, dt, em, figure, figcaption, font, h1, h2, h3, h4, h5, h6, hgroup, hr, i, img, ins, kbd, li, map, mark, menu, meter, ol, p, pre, q, s, samp, small, span, strike, strong, sub, sup, summary, table, tbody, td, tfoot, th, thead, time, tr, tt, u, ul, var, video, wbr,iframe";

    Unfortunately that option does not work for me ...

    Code in the editor
    <div class="embeddedContent" data-align="center" data-oembed="https://here.youtube.url/watch?v=0E8xdhuOQCI" data-resizetype="noresize" style="text-align: center;"><iframe allowfullscreen="true" allowscriptaccess="always" frameborder="0" height="349" scrolling="no" src="http://here.youtube.url/embed/0E8xdhuOQCI?wmode=transparent&amp;jqoemcache=SogOe" style="" width="425"></iframe></div>

    Output code after publishing the post:

    <div class="embeddedContent" style="text-align: center;"></div>

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    Have you edited the HTMLawed plugin as I suggested a bit above that post?

  • @whu606 said:
    Have you edited the HTMLawed plugin as I suggested a bit above that post?

    Ohh man, thanks a lot, now it works...

  • It is funny you tell people not to shoot themselves in the foot, they do it anyway.

    If you are trying to directly insert iframes for YouTube videos you are doing it wrong.

  • JoZ3_69
    edited October 2014

    @x00 said:
    It is funny you tell people not to shoot themselves in the foot, they do it anyway.

    if you are trying to directly insert iframes for youtube videos you are doing it wrong.

    I know, the problem is that my community uses videos from other sites, and I published just an example here, in this case with YouTube. I know that I can post only the YouTube or Vimeo link and it works... I am trying to work with this http://ckeditor.com/addon/oembed for my community. I've been using Vanilla for 3 years in my community and recently updated to 2.1.3, and some things changed...

    It's funny how some people judge without knowing circumstances ...

  • ahhh @x00, now I remember a post about ckeditor and bbcode... Not everyone has the same way of thinking or seeing things, and each has their own needs for specific issues. I think if you have nothing to contribute to certain discussions, you should at least respect each person's way of working.

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @‌JoZ3_69

    I think x00 was referring to the warnings about the potential dangers of allowing i-frames.

    As long as you are aware of them, and prepared to accept the consequences, it's your site to do with as you will!
