PKP Bugzilla – Bug 5278
extend TinyMCE configuration to allow for iframes
Last modified: 2012-09-24 09:41:52 PDT
TinyMCE doesn't currently allow iframes to be added into HTML. It should probably allow for iframes, esp. for OCS (but maybe also OJS), as Google Maps (amongst others) creates embeddable code using iframes. I've tried adding "iframe[*]" to plugins/generic/staticPages/StaticPagesEditForm.inc.php -> extended_valid_elements (line 116), but that doesn't seem to work for the Static Pages plugin. I also think it's worth doing app-wide, if possible; but the only place that I can find where this seems to be an option in the TinyMCE plugin is in lib/pkp/lib/tinymce/jscripts/tiny_mce_src.js, and I don't think that's it. I'm also not sure if it's safe allowing for all iframe attributes (i.e., iframe[*]).
See http://pkp.sfu.ca/support/forum/viewtopic.php?f=3&t=5920&p=22723#p22723 for a workaround, but I'll continue looking for a way to modify TinyMCE to allow this. I'm not sure if enabling this site-wide would be a good idea -- users could end up embedding malicious scripts.
This also affects versions 2.3.3-2.
Through some searching, it seems like it would be a simple fix to add extended_valid_elements : "iframe[src|width|height|name|align]", to the TinyMCE init: http://tinymce.moxiecode.com/punbb/viewtopic.php?pid=58808
It may not be TinyMCE stripping iframe tags, but OJS itself -- see the config.inc.php directive called "allowed_html".
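The two rules proposed in this thread, "iframe[*]" and "iframe[src|width|height|name|align]", compared on one embed tag. This is an added example, not code from the bug report, OJS or TinyMCE: it models only the "element[attr|attr]" form and the "*" wildcard, and the names parseRules, filterTag and compareRules and the sample tag are made up for the illustration.

```javascript
// Added example: a simplified model of TinyMCE-style element rules.
// Only "element[attr|attr|...]" and the "*" wildcard are modelled here;
// this is not TinyMCE's parser.
function parseRules(spec) {
  const rules = new Map();
  for (const part of spec.split(",")) {
    const m = /^\s*([a-z0-9]+)\s*(?:\[([^\]]*)\])?\s*$/i.exec(part);
    if (!m) throw new Error("unsupported rule: " + part);
    const attrs = (m[2] || "").split("|").map((a) => a.trim().toLowerCase()).filter(Boolean);
    rules.set(m[1].toLowerCase(), { any: attrs.includes("*"), attrs: new Set(attrs) });
  }
  return rules;
}

// Apply the rules to one opening tag. Returns null when the element itself
// is not allowed, otherwise the attributes that survive and those removed.
// Assumes no ">" inside attribute values (true for the sample below).
function filterTag(tagHtml, rules) {
  const m = /^<\s*([a-z0-9]+)([^>]*)>/i.exec(tagHtml.trim());
  if (!m) throw new Error("not an opening tag: " + tagHtml);
  const rule = rules.get(m[1].toLowerCase());
  if (!rule) return null;
  const kept = {};
  const dropped = [];
  const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+)))?/g;
  let a;
  while ((a = attrRe.exec(m[2])) !== null) {
    const name = a[1].toLowerCase();
    const value = a[2] || a[3] || a[4] || "";
    if (rule.any || rule.attrs.has(name)) kept[name] = value;
    else dropped.push(name);
  }
  return { kept, dropped };
}

// Constructed sample embed; the host and handler name are placeholders.
const SAMPLE_IFRAME =
  '<iframe src="https://maps.example.com/embed?q=1" width="425" height="350" ' +
  'onload="track()" style="position:fixed">';

function compareRules() {
  return {
    wildcard: filterTag(SAMPLE_IFRAME, parseRules("iframe[*]")),
    restricted: filterTag(SAMPLE_IFRAME, parseRules("iframe[src|width|height|name|align]")),
    noRule: filterTag(SAMPLE_IFRAME, parseRules("p[class]")),
  };
}

console.log(JSON.stringify(compareRules(), null, 2));
```

In this model the restricted rule removes the event-handler and style attributes that the wildcard keeps, but it still accepts any src value, so where an embed may load from is a separate check.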