Allowing iframe in forum posts

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
2/3/2014 3:53:29 AM
blaataap
Gravatar
Total Posts 23
View Posts

Allowing iframe in forum posts

I want mij users to allow embedding youtube video's. Since the new embedded code of youtube will generate an iframe i want iframes to be allowed by neathtml or whatever it is blocking it.

What i tried is editing the allowedTags in ~/NeatHTML/NeatHTML.js but this isnt actually working. When posting a new reply and using a youtube addon for ckeditor i see the editor showing a iframe is being included but as soon as i post it isnt showing in the forums.

I tried searching for a solutions but didnt find anything helpfull on the mojoportal forums so im wondering if its possible and if im approaching this the right way.

2/3/2014 10:47:06 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Allowing iframe in forum posts

Hi,

Forums were designed to protect against potential malicious content entered by untrusted users. iframes can be used for malicious content and therefore it is kind of dangerous to allow strangers to put iframes in your web pages. Our protection strategy is not based on protecting user input for a number of good reasons we instead protect output so we use NeatHtml to filter out things like iframe which are not allowed because of the risks.

However if you want to allow such content you can mark a user as "Trusted" from the manage users page. If you want to trust all users then you could do

UPDATE mp_Users Set Trusted = 1

and you could change the default value of the column from 0 to 1 so that new users will be trusted by default.

Hope that helps,

Joe

2/3/2014 3:33:31 PM
blaataap
Gravatar
Total Posts 23
View Posts

Re: Allowing iframe in forum posts

Hi Joe,

I know it could be a potential danger. That is why im planning on controlling the source thats being used in the iframe src. I will force it to only allow youtube domain.

Thanks for the answer though, im sure ill get it to work with that.

 

2/4/2014 3:45:03 AM
blaataap
Gravatar
Total Posts 23
View Posts

Re: Allowing iframe in forum posts

Ahh, just found out that trusted means that you can bypass neathtml. This is not what i wanted so i changed the neathtml.js to only allow a regex src just for youtube.

You must sign in to post in the forums. This thread is closed to new posts.