Note the upgraded forum! If you are experiencing issues logging in, you may need to reset your password which should send an email. If the email doesn't arrive, be sure to check your spam folder just in case.

CKE, oembed and iframes

edited June 2014 in Share
I've hit a problem with iframes and CKE that I've not encountered before.

CKE is configured with the Oembed plugin, which usually does a good job of embedding iframes. This works fine in CMS pages, and the Fuel Blog module, and works on insert into the WYSIWYG in an advanced module, but when saved it converts the iframe to entities.

What might the advanced module be doing that the Pages / Blog one isn't?

Comments

  • edited 7:10PM
    This sounds like the result of the xss_clean which is run by default on save. Try adding this to your simple module's configuration:
    'sanitize_input' => array('template','php'),
  • edited 7:10PM
    Aha, I put the above in application/config/MY_fuel_modules and it had no effect, but putting it in the advanced module' config worked! I've only just noticed that "module"_fuel_modules gets created by the module generation CLI.
  • edited 7:10PM
    Now I have a similar issue with oembed and regular Fuel CMS pages - if I add an iframe with CKE it shows in the WYSIWYG OK initially, but on save the iframe html is entitised (Fuel v1.3)

    I'm sure there is a config to fix this, but I admit to forgetting it! At first I thought it might be to do with globa_xss_filtering, but changing that to false doesn't help.
  • Anything to do with this https://www.drupal.org/node/803562
    ...a gotcha I came across some time ago...
  • edited 7:10PM
    That's a good point... is it an issue only when using CKEditor?
  • edited December 2015
    I'll try markitup, but then I won't have Oembed...

    Actually I had a video embedded in the database via CKE / Oembed previously, and it is only recently on re-saving that the issue has come to light. It's been a few weeks since I put the content in and a lot has happened development wise since. Of course, it may be the re-saving which is the issue...

    I will test
  • edited 7:10PM
    OK - some gap here, but I found a related solution:

    $config['modules']['pages'] = array( 'sanitize_input param' => array('template','php'), 'hidden' => TRUE // we don't want this showing under modules );

    This appears to work, but feels like a hack! is there a more appropriate way of doing this?
Sign In or Register to comment.