In the groups mod on the edit page, when I insert an embedded iframe code, after I save it, it automatically changes the code to some YouTube bs and not the code I originally entered. I also tried using the video icon to generate the code; it works great in the preview, but again after I save it, same old thing, it changes it to a YouTube code. Note: It only does this as a user; if I use the admin account and edit the group page it works fine. My guess is that it is autocorrecting to support YouTube videos by default for users, but not all videos, esp. live streaming, come from YouTube.
Anyone know a workaround for this?
|
Use the old embed code (non-iframe)
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
I have tried all the others, either does the same thing or it says the format is not supported.
I think you may have read my post wrong. I think you are talking about embedding a YouTube video. My problem is that it's not a YouTube video, it's from another site broadcasting live video.
I also have another issue that even when it was edited by admin it only worked on the Firefox browser and not Chrome, but I think that is a Chrome issue, not the site.
|
Removed.... useless information.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
I think this might help. This is an example of what happens when a user tries to use the code.
Original code entered:
<iframe width="320" height="240" src="http://link_to_non_youtube_video"></iframe>
Submitted
Screenshot of page after submitted: (sometimes also just a blank youtube player)

Click Edit
This code now:
<p><iframe width="320" height="240" frameborder="0" allowfullscreen="" src="http://www.youtube.com/embed/?wmode=opaque" alt="?wmode=opaque"></iframe></p>
|
Well, OK, I understand more now. The thing is I want users to embed anything from any site. This particular user was trying to embed a live broadcast from twitch.tv. Is there a way to turn off the HTMLPurifier for users? I know it's a security problem, but it's a private site with close friends so I don't care about that so much. |
RE
Is there a way to turn off the HTMLPurifier for users? I know it's a security problem, but it's a private site with close friends so I don't care about that so much.
In The file /inc/utils.inc.php
Find this:
function clear_xss($val) { if ($GLOBALS['logged']['admin']) return $val;
Edit so it looks like this:
function clear_xss($val) { if ($GLOBALS['logged']) return $val;
There will come a day where you'll be sorry you did this. Don't say I didn't warn you when that day comes... it might not take long.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
Thanks but out of curiosity, how would you go about adding an approved site to the HTMLPurifier? |
If you want to take a more sensible approach that doesn't completely bypass html purifier, I've attached a new utils.inc.php
In this file, I've disabled the youtube iframe filter supplied with Dolphin, and added some new configuration directives, that will allow embedding iframe videos from YouTube, Vimeo, and twitch.tv
Other sites can be added. At least this way, you maintain control over your site, and your members can't willingly or accidentally destroy it. Trust me on this one... you DO NOT want to bypass HTMLPurifier. People have a tendency to cut and paste things, and hell knows what may end up on your site.
Give the attached file a try. Just rename your existing utils.inc.php file to utils.inc.php.bak then upload this one in its place
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
Here are the changes I made to utils.inc.php
// HTML Purifier plugin
global $oHtmlPurifier;
require_once( BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php' );
if (!isset($oHtmlPurifier)) {
    HTMLPurifier_Bootstrap::registerAutoload();
    $oConfig = HTMLPurifier_Config::createDefault();
    $oConfig->set('HTML.SafeIframe', 'true'); //added this directive
    $oConfig->set('HTML.SafeObject', 'true');
    $oConfig->set('Output.FlashCompat', 'true');
    $oConfig->set('HTML.FlashAllowFullScreen', 'true');
    if (getParam('sys_antispam_add_nofollow')) {
        $sHost = parse_url(BX_DOL_URL_ROOT, PHP_URL_HOST);
        $oConfig->set('URI.Host', $sHost);
        $oConfig->set('HTML.Nofollow', 'true');
    }
    // the "/" after www\.twitch\.tv ends the host name, so a longer host such as www.twitch.tv.example.com does not match
    $oConfig->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.twitch\.tv/)%'); //allow YouTube and Vimeo and twitch.tv iframe embed code
    // $oConfig->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo iframe embed code
    // $oConfig->set('Filter.Custom', array (new HTMLPurifier_Filter_LocalMovie(), new HTMLPurifier_Filter_YouTube(), new HTMLPurifier_Filter_YoutubeIframe())); //disabled standard youtube filters
    $oDef = $oConfig->getHTMLDefinition(true);
    $oDef->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
    $oHtmlPurifier = new HTMLPurifier($oConfig);
}
Note how the twitch url is added after a pipe character, and how periods are escaped
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
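An added example, not part of the original posts or the attached file: one way to generate the URI.SafeIframeRegexp value from a reviewed list of embed sources and check it against sample iframe src values before deploying it. The helper build_safe_iframe_regexp(), the list entries and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added example; build_safe_iframe_regexp() and the lists below are
// hypothetical, not part of Dolphin or HTML Purifier.
function build_safe_iframe_regexp(array $allowed): string
{
    $alts = [];
    foreach ($allowed as $prefix) {
        // Require "host/path-prefix" so every host is closed by a "/" and
        // cannot be extended into another domain (www.twitch.tv.example.com).
        if (!preg_match('~^[a-z0-9-]+(\.[a-z0-9-]+)+/~i', $prefix)) {
            throw new InvalidArgumentException("Need host/ form: $prefix");
        }
        $alts[] = preg_quote($prefix, '%'); // escapes the periods for us
    }
    return '%^(https?:)?//(' . implode('|', $alts) . ')%';
}

$regexp = build_safe_iframe_regexp([
    'www.youtube.com/embed/',
    'www.youtube-nocookie.com/embed/',
    'player.vimeo.com/video/',
    'www.twitch.tv/',
]);

// Constructed sample iframe src values and the expected decision.
$samples = [
    'http://www.youtube.com/embed/abc123'     => true,
    '//player.vimeo.com/video/12345'          => true,
    'http://www.twitch.tv/somechannel/embed'  => true,
    'http://www.twitch.tv.example.com/embed'  => false, // host continues past .tv
    'http://example.com/?u=//www.twitch.tv/'  => false, // allowed host only in query
    'http://www.youtube.com/watch?v=abc123'   => false, // not an embed path
];

foreach ($samples as $url => $expected) {
    $matched = preg_match($regexp, $url) === 1;
    if ($matched !== $expected) {
        throw new RuntimeException("Unexpected result for $url");
    }
    printf("%-42s %s\n", $url, $matched ? 'allowed' : 'rejected');
}

// In utils.inc.php the result would replace the hand-written pattern:
// $oConfig->set('URI.SafeIframeRegexp', $regexp);
```

Adding a site then means adding one "host/path/" entry to the list and one or two sample URLs, including a look-alike host that must be rejected.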
Thanks, that works great, just hope if any other sites need to be added in the future I will be able to do it without bothering you haha,
thanks again.
|
RE:
Thanks, that works great, just hope if any other sites need to be added in the future I will be able to do it without bothering you haha,
thanks again.
I entered a trac ticket for this, since it's something that's talked about a lot.
http://www.boonex.com/trac/dolphin/ticket/3479
Maybe it will get included in the next release, so all that you'd need to do, would be to enter a list of allowed urls in admin.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |