-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TinyMce Editor iframe and general #43407
Comments
This is intended behaviour and implements the security hardening in tniymce |
Followed your video and It does the same behaviour... Puts the sandbox inside! |
yes it is supposed to put the sandbox there. As I said this is a security change from tinymce https://www.tiny.cloud/docs/tinymce/latest/7.0-release-notes/#security-fixes |
So we cannot put an iframe like google maps from now on? I now its a security fix but What this documentation/update changes says is this: also this exists.. Without those every map on site with iframe will not be displayed because it will become sandboxed. Something that so many years was working. Maybe in the plugin we should have an option to enable or disable this option and put convert_unsafe_embeds and sandbox_iframes_exclusions value if needed.
|
This doesn't work for me either. Joomla 5.1.0 I understand this is done for security but I can't find any solution to allow me to embed youtube videos with iframe which makes this a complete annoying bug |
Workaround: Install TinyMCE Configuration Modifier plugin https://github.com/nikosdion/plg_system_tinymod This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43407. |
Bug tinymce editor Joomla 5.1.0 and 5.1.1, TinyMCE editor rewrites code iframe by adding sandbox="". Workaround: Replace the tinymce editor files from Joomla 5.1. Don't have the files version 5.0.3? |
Txs for the suggestion @macstalker !
|
it could well be that I misunderstood the advice from tinymce and applied the security fix incorrectly |
I am happy that we have a workaround for this, but it is indeed weird that
So I guess that
|
Steps to reproduce the issue
Put this into text editor code
<iframe src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d24578.379315757487!2d22.4165888!3d39.64302065!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sel!2sgr!4v1714479981262!5m2!1sel!2sgr" width="600" height="450" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade"></iframe>Expected result
Show map iframe
Actual result
Puts sandbox="" and prevents to load the iframe and becomes
<iframe src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d24578.379315757487!2d22.4165888!3d39.64302065!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sel!2sgr!4v1714479981262!5m2!1sel!2sgr" width="600" height="450" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade" sandbox=""></iframe>Also in sandbox we cannot add values or edit it so allow something to work. Always remains empty so restricts everything.
I cannot figure out how to change it and allow iframes work somehow.
System information (as much as possible)
Joomla 5.0.1
Php 8.2
Additional comments
i setted it as use joomla filters and joomla filters setted to none. Shouldn't this be initialized somehow so no changes happened to any value?
Tiny mce at final keeps editing text and doennt allow even a custom structure or something like that:
The text was updated successfully, but these errors were encountered: