- Posts: 40
- Thank you received: 6
iFrame tags stripped from event details
- Mark Evans
- Topic Author
- Offline
- Senior Member
Less
More
6 years 11 months ago - 6 years 11 months ago #97618
by Mark Evans
iFrame tags stripped from event details was created by Mark Evans
Hi There,
I've noticed that when I edit an event description from the frontend that has an iframe added, in this case I've embedded a youtube video, I think eventbooking is removing the iframe tags etc. If I do the same in the backend, it works.
I've tried several different editors, and no matter which one I use, the iframe tags are removed. Editing a normal article in joomla works fine when adding the iframe with the same editor.
Does eventbooking do some basic parsing of the event description?
Rgds,
scm7mae
I've noticed that when I edit an event description from the frontend that has an iframe added, in this case I've embedded a youtube video, I think eventbooking is removing the iframe tags etc. If I do the same in the backend, it works.
I've tried several different editors, and no matter which one I use, the iframe tags are removed. Editing a normal article in joomla works fine when adding the iframe with the same editor.
Does eventbooking do some basic parsing of the event description?
Rgds,
scm7mae
Last edit: 6 years 11 months ago by Mark Evans.
Please Log in or Create an account to join the conversation.
- Tuan Pham Ngoc
- Offline
- Administrator
6 years 11 months ago #97636
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic iFrame tags stripped from event details
Hello Mark
Yes. When event is submitted from frontend, we removed special tags. If you want to keep these tags, get this file, unzip it, upload to administrator/components/com_eventbooking/model/common folder, then check it again
It should work well. Also, you are loggin in using a super admin account, correct?
Regards,
Tuan
Yes. When event is submitted from frontend, we removed special tags. If you want to keep these tags, get this file, unzip it, upload to administrator/components/com_eventbooking/model/common folder, then check it again
It should work well. Also, you are loggin in using a super admin account, correct?
Regards,
Tuan
Please Log in or Create an account to join the conversation.
- Scott Steele
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
6 years 11 months ago #97742
by Scott Steele
Replied by Scott Steele on topic iFrame tags stripped from event details
I downloaded, unzipped and uploaded the file and still get no iframe. Help?
Thank you.
Thank you.
Please Log in or Create an account to join the conversation.
- Tuan Pham Ngoc
- Offline
- Administrator
6 years 11 months ago #97752
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic iFrame tags stripped from event details
Did you login using a super admin account to submit event from frontend?
Tuan
Tuan
Please Log in or Create an account to join the conversation.
- Mark Evans
- Topic Author
- Offline
- Senior Member
Less
More
- Posts: 40
- Thank you received: 6
6 years 11 months ago #97801
by Mark Evans
Replied by Mark Evans on topic iFrame tags stripped from event details
Hi.
I haven't tried the file yet. Will try it today. I was editing my events as a super user. I haven't tried adding an event with an iframe using a normal account. Do you want me to try that too?
Rgds,
Mark
I haven't tried the file yet. Will try it today. I was editing my events as a super user. I haven't tried adding an event with an iframe using a normal account. Do you want me to try that too?
Rgds,
Mark
Please Log in or Create an account to join the conversation.
- Tuan Pham Ngoc
- Offline
- Administrator
6 years 11 months ago #97802
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic iFrame tags stripped from event details
Editing events as super admin account should work. Maybe you can post the HTML code you tried to enter into description here (paste it into a text file, then zip it and upload it here) so that we can try it ourself, too
Regards,
Tuan
Regards,
Tuan
Please Log in or Create an account to join the conversation.
- Mark Evans
- Topic Author
- Offline
- Senior Member
Less
More
- Posts: 40
- Thank you received: 6
6 years 11 months ago #97810
by Mark Evans
Replied by Mark Evans on topic iFrame tags stripped from event details
I can't post the code. I keep getting XSS errors. Just to clarify, I am just trying to embed an iFrame to show a youtube clip.
User is Super User and Registered and the iFrame gets removed on submitting.
Also I have not yet tried your updated file. I will check it and get back to you.
User is Super User and Registered and the iFrame gets removed on submitting.
Also I have not yet tried your updated file. I will check it and get back to you.
Please Log in or Create an account to join the conversation.
- Mark Evans
- Topic Author
- Offline
- Senior Member
Less
More
- Posts: 40
- Thank you received: 6
6 years 11 months ago #97813
by Mark Evans
Replied by Mark Evans on topic iFrame tags stripped from event details
hi there,
That patch works for me. I can now add iFrame to frontend. Will this change be wrapped into the next general release of the product?
scm7mae
That patch works for me. I can now add iFrame to frontend. Will this change be wrapped into the next general release of the product?
scm7mae
Please Log in or Create an account to join the conversation.
- James Riley
- Offline
- Platinum Member
6 years 11 months ago #97819
by James Riley
James Riley .: EventBooking user since 2014 ::: JoomDonation user since 2016 :.
.: grfx & web design / IT / AV @ St. Therese Institute of Faith and Mission, Bruno, SK, Canada :.
Replied by James Riley on topic iFrame tags stripped from event details
There are several free Joomla extensions/modules available that allow you to embed YouTube videos into your site that you might also want to check out.
Note: Joomla itself normally doesn't allow iFrames for security reasons, unless you specifically override the setting (see example at forum.joomla.org/viewtopic.php?t=795176 )... I don't know if bypassing this normal restriction by default for every Event Booking user would be wise. I guess if it is restricted to only SuperAdmins, that would prevent most potential abuse, but even then it would be working counter to the way that Joomla normally runs (removing iFrames).
Note: Joomla itself normally doesn't allow iFrames for security reasons, unless you specifically override the setting (see example at forum.joomla.org/viewtopic.php?t=795176 )... I don't know if bypassing this normal restriction by default for every Event Booking user would be wise. I guess if it is restricted to only SuperAdmins, that would prevent most potential abuse, but even then it would be working counter to the way that Joomla normally runs (removing iFrames).
James Riley .: EventBooking user since 2014 ::: JoomDonation user since 2016 :.
.: grfx & web design / IT / AV @ St. Therese Institute of Faith and Mission, Bruno, SK, Canada :.
Please Log in or Create an account to join the conversation.
- Tuan Pham Ngoc
- Offline
- Administrator
6 years 11 months ago #97841
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic iFrame tags stripped from event details
Yes. It is already included in download package on server - together with some fixes (which only happens on some sites) on Joomla 3.7.0 - guess it is related to PHP version, I still unsure yet
So if you want, access to My Downloads menu item, download the latest code base (still version 2.14.3) and upgrade it to your site
Regards,
Tuan
So if you want, access to My Downloads menu item, download the latest code base (still version 2.14.3) and upgrade it to your site
Regards,
Tuan
Please Log in or Create an account to join the conversation.
Moderators: Tuan Pham Ngoc
Support
Documentation
Information
Copyright © 2024 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.