WordPress.org

Ready to get started?Download WordPress

Forums

Advanced iFrame
[resolved] [Plugin: Advanced iframe] Security risk with WPTouch and WordPress Android (10 posts)

  1. nbquidditch
    Member
    Posted 2 years ago #

    Please note that Advanced iFrame doesn't work with WPTouch and WordPress Android (a popular plugin used to view WordPress sites on smartphones).

    Advanced iFrame works well with WordPress Android but when WPTouch is used, the shortcode used for the iFrame is displayed thereby exposing the security id.

    http://wordpress.org/extend/plugins/advanced-iframe/

  2. mdempfle
    Member
    Plugin Author

    Posted 2 years ago #

    But then this is actually a bug of WPTouch if the shortcode is not processed properly.

    I'll check if there is a workaround.

    - Michael

  3. mdempfle
    Member
    Plugin Author

    Posted 2 years ago #

    And about the security risk: Advanced iframe then is as save as any other iframe implementations! So there is no risk at all from outside.

  4. nbquidditch
    Member
    Posted 2 years ago #

    Actually the scene has changed with the recent update to WordPress for Android. With or without WPTouch, the shortcode is displayed rather than the intended iFrame. The website is using WP 3.3.1 and my phone is an HTC Desire HD.

    If you would like to see this in action check http://qbuster.net on your Android mobile.

  5. mdempfle
    Member
    Plugin Author

    Posted 2 years ago #

    I don't see an iframe or the code at this page. Is it still there?

  6. nbquidditch
    Member
    Posted 2 years ago #

    Yes it is still there.

    I'm using WordPress for Android (WPforA) version 2.0.3 on an HTC Desire HD running Android v 2.3.3.

    Using the HTC I log into http://qbuster.net and select Pages. There are 2 pages. Welcome is a normal WP page.

    Pages 2,3 & 4 (Family Treee, Familiy Tree Analysis and Images of nb Quidditch are all iFrames created with the help of a shortcode from the plugin Advanced iFrames. All of these display the respective shortcode reference which starts with [advanced_iFrame security_id="??????" path='path']

    Of course, it we visit http://qbuster.net via a laptop or PC we see the correctly invoked iFrames.

    If you are not seing that, which mobile are you using and which vof Android and WPforA?

    Thanks for following this....

    Regards

    Will

  7. mdempfle
    Member
    Plugin Author

    Posted 2 years ago #

    I use a Samsung Galaxy S2 with Android 2.3.4.

    There all iframes are displayed (as far as I can see) and no shortcode is shown.

  8. nbquidditch
    Member
    Posted 2 years ago #

    OK, so that puts Android v2.3.3 on the suspect list. I've been informed that an upgrade to 2.3.5 is imminent but I'm not holding my breath.

    I'll go on an HTC Desire forum and get some people to test it.

    Meanwhile, is it possible that I have another app that is conflicting? Seems unlikley to me; perhaps I'll grab the WPforA source and see if I can trace the problem via the APK.

    regards

    Will

  9. mdempfle
    Member
    Plugin Author

    Posted 2 years ago #

    Please tell me if you have any news because at this point the shortcode seems not to be parsed properly by the other plugin.

    Have you tried with a very short security code?

  10. mdempfle
    Member
    Plugin Author

    Posted 1 year ago #

    Any news on this? Otherwise i'll set this to resolved.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic