Circumventing iframes ??
- Magic2014
- OFFLINE
-
Senior Member
- Posts: 61
- Thanks: 9
- Karma: 2
8 years 4 months ago #275761
by Magic2014
Circumventing iframes ?? was created by Magic2014
Hi Guys,
Hope you enjoyed Christmas.
I've got more of a conceptual question for the team/CBers with this new post. I've been working around the tagging, cataloging, indexing limitations for video, audio files etc. as it currently stands, but my concern or interest is:
Hope you enjoyed Christmas.
I've got more of a conceptual question for the team/CBers with this new post. I've been working around the tagging, cataloging, indexing limitations for video, audio files etc. as it currently stands, but my concern or interest is:
- In CB Blogs, how did you manage to enable embedding of videos without removing iframes" restriction?
- If you're overriding the code to eliminate iframe restriction, wouldn't that pose a security breach?
- Please explain how you're accomplishing this and the threat level posed by the allowing of iframes.
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68528
- Thanks: 9093
- Karma: 1434
8 years 4 months ago - 8 years 4 months ago #275775
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Circumventing iframes ??
You need to whitelist iframes within CB > Configuration > User Profile by adding it to "Exclude Tags from Filtering". iframe renders the contents of 1 site inside of your side. That's the security issue. What site is displayed is dependent on the URL. Could be a porn site, a virus site, etc.. I don't recommend allowing iframes. If you want video sharing use CB Gallery or a Video fieldtype. I'm unsure how an iframe usage is going to provide the features you're wanting though.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 8 years 4 months ago by krileon.
Please Log in to join the conversation.
- Magic2014
- OFFLINE
-
Senior Member
- Posts: 61
- Thanks: 9
- Karma: 2
8 years 4 months ago #275785
by Magic2014
Replied by Magic2014 on topic Circumventing iframes ??
Thanks Kyle,
Very helpful.
I figured as much on the security issue but on something this serious did not want to make any assumptions. (never could see how the video file itself could cause any damage but the content on the other hand, another story)
So no, I don't want to allow I frames, I just wanted to be sure the restriction wasn't somehow being overridden as the video tab allows video linking on the user profile page. But the linking and embedding work a little differently, so I guess that's how it's done.
Also checking out a couple of workarounds on the other, will let you know how it goes.
Magic
Very helpful.
I figured as much on the security issue but on something this serious did not want to make any assumptions. (never could see how the video file itself could cause any damage but the content on the other hand, another story)
So no, I don't want to allow I frames, I just wanted to be sure the restriction wasn't somehow being overridden as the video tab allows video linking on the user profile page. But the linking and embedding work a little differently, so I guess that's how it's done.
Also checking out a couple of workarounds on the other, will let you know how it goes.
Magic
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.189 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Developer Members Support
- Circumventing iframes ??