WordPress MU

Greets:

Just came across a spam blog on my WPMu install using iframes within a Page, not a Post. Could have sworn that iframes were on the naughty list for HTML tags.

Someone else please confirm this.

Thanks,
-drmike

I hate to bump especially since I bug other people about it but... :)

Greets:

I just had another on eposted within a blog here for cbox and had the time to dig through the code. I do note that within the kses.php file, iframes are now allowed with a note that Andy would be doing whitelisting for domains. I don't see this whitelisting currently, at least not for teh domains being used within the latest iframe.

Ticket made: http://trac.mu.wordpress.org/ticket/249

-drmike

I'd figure that iframes were on the no-no list.

I guess one upside to it is that a search engine can't read what's in the iframe
through the source. There must be some benefit to it though, else the bastards wouldn't be doing it.

"iframes are now allowed with a note that Andy would be doing whitelisting for domains. I don't see this whitelisting currently, at least not for teh domains being used within the latest iframe."

Betcha that's an internal note for the guys at wp.com.

Actually I think they do have a whitelist as it's come up before that some iframes are allowed while others aren't.

I wonder if they're holding that list to their chest.

If so, I do hope that they at least provide a way to create our own whitelist and we can build one here.

I have an iframe in a page calling local code. When the iframe was put in place, I was using WPMU1.0. Now that I'm on WPMU 1.2.1, I just discovered that if I try to save changes to the page, the iframe is now getting filtered out. Worse - even if I make no changes, just clicking Save will destroy the iframe that was in place in the past. Luckily I discovered this in a test environment otherwise I'd be pulling some hair out right about now.

Any suggestions on how to allow admin users the possibility of creating iframes on pages only?

On *PAGES* only? I'd vote for creating theme based page templates that would have them hard coded in.

Good idea drmike, best of both worlds and it should be pretty quick too in this case.

Something you make want to think of is that when I add in a new theme, I have a written list of things that I make sure each and every theme supports. Thinks like custom headers, widgets, xml, etc. That would be a good thing to add to that list.

I'm actually planning on going back through and working on the themes, probably next month as I've expanded my list some and want to make sure all of the themes are on the same page.

You can check out the list here:

http://daria.be/forums/topic/196

For http://daria.be/forums/topic/196
"
This is a 404 page.

Try to do something stupid
"

http://daria.be