Whitelist Param – Wildcard/Regex Url or Global
-
I see that right now there is no way to whitelist parameters on multiple urls or urls matching a pattern. This poses an issue for front-end builder plugins like Beaver Builder because every page has to be whitelisted separately for every parameter you want whitelisted.
To demonstrate this issue:
1. Install Beaver Builder Lite and WordFence (with Firewall Enabled) on a clean site.
2. Enter Page Builder mode on any page.
3. Drop in an HTML module, and paste in the embed code for “Big Buck Bunny” YouTube video:<iframe width="560" height="315" src="https://www.youtube.com/embed/YE7VzlLtp-4" frameborder="0" allowfullscreen></iframe>
4. Save.The action will be blocked because the iframe triggers a warning. If you enter learning mode, the offending parameter will be whitelisted but only for this particular page. In order to whitelist it across the site, you would need to add each and every page to the whitelist table. That is not practical when we give control to the (non-technical) client to add/build their own pages with the page builder.
I would like the option to whitelist a given parameter (and a few other parameters) for all pages on the site, so that I can build a small list of whitelisted urls. Alternatively I would take a hook into the whitelist process so I could add my own logic for catching false positives.
- The topic ‘Whitelist Param – Wildcard/Regex Url or Global’ is closed to new replies.