I've got more of a conceptual question for the team/CBers with this new post. I've been working around the tagging, cataloging, indexing limitations for video, audio files etc. as it currently stands, but my concern or interest is:
In CB Blogs, how did you manage to enable embedding of videos without removing iframes" restriction?
As you know, normally you remove the iframe restriction from tinymce but I don't see where that's happened.
If you're overriding the code to eliminate iframe restriction, wouldn't that pose a security breach?
Please explain how you're accomplishing this and the threat level posed by the allowing of iframes.
You need to whitelist iframes within CB > Configuration > User Profile by adding it to "Exclude Tags from Filtering". iframe renders the contents of 1 site inside of your side. That's the security issue. What site is displayed is dependent on the URL. Could be a porn site, a virus site, etc.. I don't recommend allowing iframes. If you want video sharing use CB Gallery or a Video fieldtype. I'm unsure how an iframe usage is going to provide the features you're wanting though.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
I figured as much on the security issue but on something this serious did not want to make any assumptions. (never could see how the video file itself could cause any damage but the content on the other hand, another story)
So no, I don't want to allow I frames, I just wanted to be sure the restriction wasn't somehow being overridden as the video tab allows video linking on the user profile page. But the linking and embedding work a little differently, so I guess that's how it's done.
Also checking out a couple of workarounds on the other, will let you know how it goes.
krileon
