Mahara

Supported iframes are not displayed in text box

Bug #885066 reported by Kristina Hoeppner
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Medium
François Marier

Bug Description

affects Mahara 1.5

I tested Vimeo and Glogster iframes in text boxes and they are both stripped out. When I put the iframe into the HTML editor and revert back to the visual one, the video / glog shows up alright. However, as soon as I save the box, nothing is displayed. Interestingly, when I go back into edit mode, the code is still there and the video / glog displays alright in the editor.

It worked before as far as I can remember and Brett confirmed that.

See original description
Tags: htmlpurifier
Kristina Hoeppner (kris-hoeppner)
description: updated
Revision history for this message
François Marier (fmarier) wrote :

They have probably changed something in how their iframes look :(

Changed in mahara:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

I'm not sure, Francois. The media artefacts show up fine in the editor but not on the page. Richard suspected it to be due to an update of TinyMCE.

Christopher Tombleson (christopher-k)
Changed in mahara:
assignee: nobody → Christopher Tombleson (christopher-k)
François Marier (fmarier)
Changed in mahara:
milestone: none → 1.5.0
tags: added: htmlpurifier
François Marier (fmarier)
Changed in mahara:
assignee: Christopher Tombleson (christopher-k) → nobody
Revision history for this message
Melissa Draper (melissa) wrote :

Adding Vimeo by url and embed code seems to be working fine.

The block however seems to entirely lose the url/embed for glogster.
Note: Currently Glogster.com, the actual site, struggles to load itself properly in firefox 8.0 but seems fine in Chrome.

Voki embed html throws up a 'invalid url' error but standard and symbaloo links generated by voki work happily.

Revision history for this message
Melissa Draper (melissa) wrote :

Seems I've misunderstood the bug. There seems to be a wide range of embedding that is being stripped out partially or fully, not just vimeo/glogster, but also slideshare and probably others.

Melissa Draper (melissa)
Changed in mahara:
assignee: nobody → Melissa Draper (melissa)
status: Confirmed → In Progress
Revision history for this message
Melissa Draper (melissa) wrote :

https://reviews.mahara.org/#change,939

Revision history for this message
François Marier (fmarier) wrote :

If we end up enabling the new settings described in bug #922360 then we won't need to fix this one manually.

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/1066
Committed: http://gitorious.org/mahara/mahara/commit/f4cd8d19876c1df2320c0d5ac2dc5f77e57c2e0f
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit f4cd8d19876c1df2320c0d5ac2dc5f77e57c2e0f
Author: Francois Marier <email address hidden>
Date: Tue Feb 21 14:38:27 2012 +1300

    htmlpurifier: migrate custom iframe filters to URI.SafeIframeRegexp

    The new HTML.SafeIframe setting in HTML Purifier 4.4.0 allows us
    to remove our fragile custom filters.

    The regular expressions are not quite as tight, but they are
    restricted to the src attribute and HTML Purifier will hopefully
    apply the right filters.

    Bug #922360 (also fixes bug #885066)

    Change-Id: Ifaa9f13ae77b28e18df640103e205a94bc3af2d7
    Signed-off-by: Francois Marier <email address hidden>

François Marier (fmarier)
Changed in mahara:
status: In Progress → Fix Committed
milestone: 1.5.0 → none
status: Fix Committed → Fix Released
assignee: Melissa Draper (melissa) → François Marier (fmarier)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.