CKE, oembed and iframes
  • I've hit a problem with iframes and CKE that I've not encountered before.

    CKE is configured with the Oembed plugin, which usually does a good job of embedding iframes. This works fine in CMS pages, and the Fuel Blog module, and works on insert into the WYSIWYG in an advanced module, but when saved it converts the iframe to entities.

    What might the advanced module be doing that the Pages / Blog one isn't?
  • This sounds like the result of the xss_clean which is run by default on save. Try adding this to your simple module's configuration:
    'sanitize_input' => array('template','php'),
  • Aha, I put the above in application/config/MY_fuel_modules and it had no effect, but putting it in the advanced module' config worked! I've only just noticed that "module"_fuel_modules gets created by the module generation CLI.
  • Now I have a similar issue with oembed and regular Fuel CMS pages - if I add an iframe with CKE it shows in the WYSIWYG OK initially, but on save the iframe html is entitised (Fuel v1.3)

    I'm sure there is a config to fix this, but I admit to forgetting it! At first I thought it might be to do with globa_xss_filtering, but changing that to false doesn't help.
  • Anything to do with this https://www.drupal.org/node/803562
    ...a gotcha I came across some time ago...
  • That's a good point... is it an issue only when using CKEditor?
  • I'll try markitup, but then I won't have Oembed...

    Actually I had a video embedded in the database via CKE / Oembed previously, and it is only recently on re-saving that the issue has come to light. It's been a few weeks since I put the content in and a lot has happened development wise since. Of course, it may be the re-saving which is the issue...

    I will test
  • OK - some gap here, but I found a related solution:


    $config['modules']['pages'] = array(
    'sanitize_input param' => array('template','php'),
    'hidden' => TRUE // we don't want this showing under modules
    );


    This appears to work, but feels like a hack! is there a more appropriate way of doing this?

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!