iFrames Being Stripped out
Just a note to thank you for a great plugin. It is providing us with a solution to provide additional users (primarily subsite admins) on a multisite installation with iframe embed capabilities so their embeds do not get stripped out when switching between visual and HTML.
The default WordPress stripping (from what I have read) that occurs on a Multisite Installation for all users EXCEPT the Network Super Admin is what we are seeking to modify for selected users. http://codex.wordpress.org/Roles_and_Capabilities
We needed to give administrators and authors on each subsite the ability to embed iframes and Extended Super Admin did exactly that for us.
I created a new role and preserved the unfiltered html privilege for that new role and then assigned it to the users who need iframe embed capabilities and it worked fine.
This is what I wrote to advise you about:
On our installation, a user must FIRST be set as a SUPER ADMIN and THEN be assigned the new role created in the Extended Super Admin plugin. Failure to set a user as Super Admin FIRST can cause a server crash when directly selecting the new ESA role for a user who is not previously set as a Super Admin.
Would there be a way to validate for this and notify users about this when they are setting a user to an ESA role so they do not think your plugin is broken if they happen to create an ESA user role and try to apply it directly to an admin or other user without first setting the other user to Super Admin?
I thought it was broken at first until I reasoned through what might be happening and changed my user role selection workflow, then it worked fine.
Just a suggestion.
Other solutions for iframe embedding suggested to us are the two year old plugin “Unfiltered MU” (which many report ceased working at 3.0), and an old unsupported WPMUDEV plugin called Additional Tags that let site owners define additional tags users could use in HTML markup. http://premium.wpmudev.org/forums/topic/additional-tags-plugin
Also hacking the kses was suggested (but highly advised against) and then of course there are all the plugins that use oEmbed to insert videos from trusted sources, toolbar video and media embed buttons like those on Ultimate TinyMCE and adding additional trusted oEmbed sources to functions.php.
Adding additional trusted sources could cover some instances but not all and the modified file would get overwritten with a WP upgrade, sooooooo
Our WP Network is semi-private and users are verified, so I am interested in allowing users of a trusted role to embed unfiltered HTML (specifically iframe content) from whatever source they want.
I grasp the security issues involved and I would think that a TinyMCE editor plugin or a dedicated special plugin would exist to manage this without requiring shortcode wrappers for iframes, but perhaps I am looking at this wrong and that is the best solution.
The goal is simple, – on a WP Multisite installation with trusted users, grant selected user roles (primarily subsite admins) the ability in the editor to embed unfiltered HTML so that switching between visual and HTML in the editor does not strip out iframes, etc.
Extended Super Admin gave us a workable solution thanks to you.
Is there a social media presence where I could brag on ESA for you?
Let me know.
SooBahkDo, I’m in a similar situation as yours and I just wanted to share that I went ahead and tested the Unfiltered MU [which turns out to be created by Automattic, yes the creators of WordPress.com] and even though I too was weary of its non-updated age, I’m happy to report it worked like a charm. 🙂
- The topic ‘iFrames Being Stripped out’ is closed to new replies.