The MU forums have moved to WordPress.org

Please confirm iframe bug (12 posts)

  1. drmike
    Member
    Posted 16 years ago #

    Greets:

    Just came across a spam blog on my WPMu install using iframes within a Page, not a Post. Could have sworn that iframes were on the naughty list for HTML tags.

    Someone else please confirm this.

    Thanks,
    -drmike

  2. drmike
    Member
    Posted 16 years ago #

    I hate to bump especially since I bug other people about it but... :)

  3. drmike
    Member
    Posted 15 years ago #

    Greets:

    I just had another on eposted within a blog here for cbox and had the time to dig through the code. I do note that within the kses.php file, iframes are now allowed with a note that Andy would be doing whitelisting for domains. I don't see this whitelisting currently, at least not for teh domains being used within the latest iframe.

    Ticket made: http://trac.mu.wordpress.org/ticket/249

    -drmike

  4. lunabyte
    Member
    Posted 15 years ago #

    I'd figure that iframes were on the no-no list.

    I guess one upside to it is that a search engine can't read what's in the iframe
    through the source. There must be some benefit to it though, else the bastards wouldn't be doing it.

  5. andrea_r
    Moderator
    Posted 15 years ago #

    "iframes are now allowed with a note that Andy would be doing whitelisting for domains. I don't see this whitelisting currently, at least not for teh domains being used within the latest iframe."

    Betcha that's an internal note for the guys at wp.com.

  6. drmike
    Member
    Posted 15 years ago #

    Actually I think they do have a whitelist as it's come up before that some iframes are allowed while others aren't.

    I wonder if they're holding that list to their chest.

    If so, I do hope that they at least provide a way to create our own whitelist and we can build one here.

  7. jshare
    Member
    Posted 15 years ago #

    I have an iframe in a page calling local code. When the iframe was put in place, I was using WPMU1.0. Now that I'm on WPMU 1.2.1, I just discovered that if I try to save changes to the page, the iframe is now getting filtered out. Worse - even if I make no changes, just clicking Save will destroy the iframe that was in place in the past. Luckily I discovered this in a test environment otherwise I'd be pulling some hair out right about now.

    Any suggestions on how to allow admin users the possibility of creating iframes on pages only?

  8. drmike
    Member
    Posted 15 years ago #

    On *PAGES* only? I'd vote for creating theme based page templates that would have them hard coded in.

  9. jshare
    Member
    Posted 15 years ago #

    Good idea drmike, best of both worlds and it should be pretty quick too in this case.

  10. drmike
    Member
    Posted 15 years ago #

    Something you make want to think of is that when I add in a new theme, I have a written list of things that I make sure each and every theme supports. Thinks like custom headers, widgets, xml, etc. That would be a good thing to add to that list.

    I'm actually planning on going back through and working on the themes, probably next month as I've expanded my list some and want to make sure all of the themes are on the same page.

    You can check out the list here:

    http://daria.be/forums/topic/196

  11. mrjcleaver
    Member
    Posted 15 years ago #

    For http://daria.be/forums/topic/196
    "
    This is a 404 page.

    Try to do something stupid
    "

  12. drmiketemp
    Member
    Posted 15 years ago #

About this Topic

  • Started 16 years ago by drmike
  • Latest reply from drmiketemp