iFrame tags stripped from event details

Hi There,

I've noticed that when I edit an event description from the frontend that has an iframe added, in this case I've embedded a youtube video, I think eventbooking is removing the iframe tags etc. If I do the same in the backend, it works.

I've tried several different editors, and no matter which one I use, the iframe tags are removed. Editing a normal article in joomla works fine when adding the iframe with the same editor.

Does eventbooking do some basic parsing of the event description?

Rgds,

scm7mae

Hello Mark

Yes. When event is submitted from frontend, we removed special tags. If you want to keep these tags, get this file, unzip it, upload to administrator/components/com_eventbooking/model/common folder, then check it again

It should work well. Also, you are loggin in using a super admin account, correct?

Regards,

Tuan

I downloaded, unzipped and uploaded the file and still get no iframe. Help?
Thank you.

Did you login using a super admin account to submit event from frontend?

Tuan

Hi.

I haven't tried the file yet. Will try it today. I was editing my events as a super user. I haven't tried adding an event with an iframe using a normal account. Do you want me to try that too?

Rgds,

Mark

Editing events as super admin account should work. Maybe you can post the HTML code you tried to enter into description here (paste it into a text file, then zip it and upload it here) so that we can try it ourself, too

Regards,

Tuan

I can't post the code. I keep getting XSS errors. Just to clarify, I am just trying to embed an iFrame to show a youtube clip.

User is Super User and Registered and the iFrame gets removed on submitting.

Also I have not yet tried your updated file. I will check it and get back to you.

hi there,

That patch works for me. I can now add iFrame to frontend. Will this change be wrapped into the next general release of the product?

scm7mae

There are several free Joomla extensions/modules available that allow you to embed YouTube videos into your site that you might also want to check out.

Note: Joomla itself normally doesn't allow iFrames for security reasons, unless you specifically override the setting (see example at forum.joomla.org/viewtopic.php?t=795176 )... I don't know if bypassing this normal restriction by default for every Event Booking user would be wise. I guess if it is restricted to only SuperAdmins, that would prevent most potential abuse, but even then it would be working counter to the way that Joomla normally runs (removing iFrames).

Yes. It is already included in download package on server - together with some fixes (which only happens on some sites) on Joomla 3.7.0 - guess it is related to PHP version, I still unsure yet

So if you want, access to My Downloads menu item, download the latest code base (still version 2.14.3) and upgrade it to your site

Regards,

Tuan