WordPress.org

Ready to get started?Download WordPress

Forums

iframe code being stripped (8 posts)

  1. macaulus
    Member
    Posted 3 years ago #

    Hi
    ive searched around for an answer to this, but doesnt seem easy, i have a multisite wordpress install working perfectly for my admin user which controls everything including the network.

    I started a new site recently and added it to the network and created an admin user who will be adding posts to the new site, this user only has access to this new site as an administrator.

    When logged into my admin user (network user - full admin) when embedding an iframe to call a youtube link in a post the code stays put in the post and doesnt get stripped, when i log in as the new admin user of just this new site, the iframe code gets stripped out of the post, i have tried upgrading/downgrading this user to every level, author, editor and so on with the same result.

    I would rather not use a plugin to accomplish a simple task like this, any ideas out there on why this new users code is being stripped, but my user has no problems, there doesnt seem to be any wordpress settings allowing or disallowing this rule for code stripping.

    Any help would be greatly appreciated

  2. Yeah, non super-admins can't use iframe and other restricted HTML. It's a security feature, and no, you really don't wanna change it.

    when embedding an iframe to call a youtube link

    You know, for THAT you don't need an iFrame at all. Just paste in the URL of the video. See http://codex.wordpress.org/Embeds

  3. macaulus
    Member
    Posted 3 years ago #

    seems that works, and i can use the embed tag to change the width.

    This is a private site however, user registration is turned off, only employees will ever be able to update content, is there a different reason

    It's a security feature, and no, you really don't wanna change it.
    around it actually being a security hole, or is it assumed that all wordpress sites are open to the general public ??

    seems that if i control the user access and they are trusted employees, this would never be a problem, maybe a thread for another topic though, thankyou for you speedy reply, i will use the embed code which seems to work for the most part

  4. Tim Moore
    Moderator
    Posted 3 years ago #

    There are plugins out there that will relax the security feature. However, Ipstenu is right; even with private registration you don't really want to do it. Even a select set of users will use bad passwords, which could lead towards easier break-ins on your website.

    The way WordPress MultiSite is designed is under the assumption people are going to be running their own version of WordPress.com, which has public registration of accounts and blogs. In that use case, you don't want everyone to be able to do everything.

  5. It's not assumed that all WP sites are open registration, it's assumed that all WP sites where the NON Super Admin owns sites involve users who are NOT the Super Admin.

    If YOU blow up your own site, you kinda know what you did. If your mom does, good like getting an answer out of what SHE did.

  6. One of the core devs mantras is "never trust the user". they will do stupid things. Yes, they will. :)

  7. tomachi
    Member
    Posted 2 years ago #

    This is insane wordpress is deleting the iframes on my blog how on earth do I stop it from doing this?

  8. There'a a plugin called Unfiltered MU.

    For the love of all that's holy, don't use it on an un-monitored site where anyone in the universe can log in and make a site.

    Comprede?

Topic Closed

This topic has been closed to new replies.

About this Topic