How to allow regular users to enter embedded code from flash players of YouTube and all others without having their post stripped the javascript? Do we even have a plugin for this? Thanks...
Using WordPress 3.0 with multisite enable with latest Buddypress
How to allow regular users to enter embedded code from flash players of YouTube and all others without having their post stripped the javascript? Do we even have a plugin for this? Thanks...
Using WordPress 3.0 with multisite enable with latest Buddypress
Oh sorry for being impatient, I found the solution to this also! Additional tag plugin is the solution, but I hope it will work with wordpress 3.0 and buddypress, i'm going to install it now!
It does work if you install it correctly. If you want people to be able to do videos it is more secure to use a plugin like Viper's Video Quicktags. There is a very good reason all that code is stripped out in multisite!
I am trying to embed javascript directly into my post, and the code keeps on getting stripped away in html mode. What is the solution? Would Unfiltered MU work for this as well?
Working with WMU 2.9.2 & Buddypress.
6593 pointsLike some sort of WPMU DEV GodExceptionally helpfulLifetime member
Keeper of the Dark Chocolate
—
24th June 2010 (1 year ago)
#
As noted up above, embeds and javascripts are stripped due to security concerns. (Search on the mu forums for about many threads on this.) Use one of the many shortcode plugins available depending on what kind of javascript you're trying to add in or write one of your own.
You can install either unfiltered MU or the additional tag plugins but again, both are major security risks, even on a closed (not open for public joining) site.
I seem to recall the last time this came up, the analogy was that it was safer to walk around the bad parts of town butt naked with suitcases of money and a "Please rob me" sign around your neck. Or, in the case of the net, publishing your login information on the front page of your site.
Friendly reminder that edublogs just removed this feature.
For video embeds (YouTube, Vimeo, Viddler, Hulu, etc.) and some other forms of embedded content (Scribd, PollDaddy, Flickr, etc.) you can enable the oEmbed functionality in WordPress. When enabled, the user only needs to type/paste the URL of the video or other object, and the embed is done automatically. See:
If you want to enable this for an oEmbed provider that is not on the default list of supported providers, you can add your own via a function. There is also a function that allows you to add support for a non-oEmbed site.
6593 pointsLike some sort of WPMU DEV GodExceptionally helpfulLifetime member
Keeper of the Dark Chocolate
—
14th July 2010 (1 year ago)
#
That's still a security risk as you have little to no control over what's getting added from the third party site. It's also a customer service issue as it;s recommended that the content be displayed in an iframe and while some folks have javascripts and embeds blocked for security, they're very more likely to have iframes blocked.
Give the security section a read through about two thirds down:
I don't disagree regarding the security risks. However, given the ability to white-list oEmbed providers within the WP system, combined with the ease of use for the feature for end-users, it beats the heck out of using an unfiltered MU approach.
Viper's solution is a very good one for video embeds, and would be my recommendation for someone who wants to provide video embeds without enabling oEmbed.
But oEmbed - to the extent you trust Hulu, Vimeo, Flickr, and other white-listed providers - does offer some level of security management and provides a great deal of flexibility with regard to content types.
For my money, it is (in most cases) an acceptable risk.
1. Ok Does anyone have a safe solution for embedding javascript generated from google apis?
This is the code I am trying to embed. <script src="https://spreadsheets.google.com/gpub?url=http%3A%2F%2Ftbaoebshgeq225lhq2bam0m0a5mf6u0b.spreadsheets.gmodules.com%2Fgadgets%2Fifr%3Fup__table_query_url%3Dhttps%253A%252F%252Fspreadsheets.google.com%252Ftq%253Frange%253DA1%25253AC2267%2526headers%253D-1%2526gid%253D0%2526key%253D0ApT-n-lz0CPidEJkTjRYREx2bklhWW5VaHp1Y3Y4Unc%2526pub%253D1%26up_title%3DInitial%2520Jobless%2520Claim%2520July%25201%252C%25202010%26up__table_query_refresh_interval%3D300%26up_scale%3Dfixed%26up_values_suffix%26up_annotations_width%3D25%26up_display_zoom_buttons%3D1%26up_display_exact_values%3D1%26up_display_annotations_filter%3D1%26up_display_legend_inNewline%3D1%26url%3Dhttp%253A%252F%252Fwww.google.com%252Fig%252Fmodules%252Ftime-series-line.xml&height=400&width=600"></script>
2. I'm also trying to embed video code from a trusted source "my private smugmug acount". I currently using the unfiltered mu plugin but would like to use a safer method. Any ideas, or suggestions???
This is an example of the code I'm going to use. <object width="640" height="360" ><param name="movie" value="http://cdn.smugmug.com/ria/ShizVidz-2010012201.swf" /><param name="allowFullScreen" value="true" /><param name="flashVars" value="s=ZT0xJmk9NzkwNTU1MTIwJms9V01MSzImYT0xMTI3MTQzMF9EQ29NcSZ1PVRMU0dhbGxlcnkmc2U9MCZzbz0wJmhkYj0xJnNiPTEmZnM9MSZsPTAm" /><embed src="http://cdn.smugmug.com/ria/ShizVidz-2010012201.swf" flashVars="s=ZT0xJmk9NzkwNTU1MTIwJms9V01MSzImYT0xMTI3MTQzMF9EQ29NcSZ1PVRMU0dhbGxlcnkmc2U9MCZzbz0wJmhkYj0xJnNiPTEmZnM9MSZsPTAm" width="640" height="360" type="application/x-shockwave-flash" allowFullScreen="true"></embed></object>
Are you trying to embed it yourself? If so that's easy as Super Admins have the permission already. The trouble is when you want to enable them for other users, which would require a plugin that created a shortcode or something for it.
6593 pointsLike some sort of WPMU DEV GodExceptionally helpfulLifetime member
Keeper of the Dark Chocolate
—
20th July 2010 (1 year ago)
#
You could always cheat if these embeds will only stay on the main blog and won;t change that often. You can create your own shortcode and add it to the theme's function.php file.
Thank you for your replies. I am new to all this so I appreciate your help.
@Aaron Yes I am trying to embed the javascript myself as a super admin but it doesn't show up in the post. I am trying to add the following code to my post. It is not remove on the html view but it is not present in the post. Not sure what I am doing wrong here. Please advise.
<script src="https://spreadsheets.google.com/gpub?url=http%3A%2F%2Ftbaoebshgeq225lhq2bam0m0a5mf6u0b.spreadsheets.gmodules.com%2Fgadgets%2Fifr%3Fup__table_query_url%3Dhttps%253A%252F%252Fspreadsheets.google.com%252Ftq%253Frange%253DA1%25253AC2267%2526headers%253D-1%2526gid%253D0%2526key%253D0ApT-n-lz0CPidEJkTjRYREx2bklhWW5VaHp1Y3Y4Unc%2526pub%253D1%26up_title%3DInitial%2520Jobless%2520Claim%2520July%25201%252C%25202010%26up__table_query_refresh_interval%3D300%26up_scale%3Dfixed%26up_values_suffix%26up_annotations_width%3D25%26up_display_zoom_buttons%3D1%26up_display_exact_values%3D1%26up_display_annotations_filter%3D1%26up_display_legend_inNewline%3D1%26url%3Dhttp%253A%252F%252Fwww.google.com%252Fig%252Fmodules%252Ftime-series-line.xml&height=400&width=600"></script>
Responses (20)
Member — 21st June 2010 (1 year ago) #
Oh sorry for being impatient, I found the solution to this also! Additional tag plugin is the solution, but I hope it will work with wordpress 3.0 and buddypress, i'm going to install it now!
Member — 21st June 2010 (1 year ago) #
Hmm.. additional tags plugin is not working with wordpress 3.0. Can developer here fix this? Thank You!
Lead Developer — 21st June 2010 (1 year ago) #
It does work if you install it correctly. If you want people to be able to do videos it is more secure to use a plugin like Viper's Video Quicktags. There is a very good reason all that code is stripped out in multisite!
Member — 22nd June 2010 (1 year ago) #
You could use Unfiltered MU
Keeper of the Dark Chocolate — 22nd June 2010 (1 year ago) #
As Aaron notes right above, those codes are stripped for a very good reason.
Member — 22nd June 2010 (1 year ago) #
I understand and agree, but if you have a closed community where you know those who are part of it, unfiltered mu works well. just saying...
Member — 24th June 2010 (1 year ago) #
I am trying to embed javascript directly into my post, and the code keeps on getting stripped away in html mode. What is the solution? Would Unfiltered MU work for this as well?
Working with WMU 2.9.2 & Buddypress.
Member — 24th June 2010 (1 year ago) #
Unfiltered MU Works great. Thank you
Keeper of the Dark Chocolate — 24th June 2010 (1 year ago) #
As noted up above, embeds and javascripts are stripped due to security concerns. (Search on the mu forums for about many threads on this.) Use one of the many shortcode plugins available depending on what kind of javascript you're trying to add in or write one of your own.
You can install either unfiltered MU or the additional tag plugins but again, both are major security risks, even on a closed (not open for public joining) site.
I seem to recall the last time this came up, the analogy was that it was safer to walk around the bad parts of town butt naked with suitcases of money and a "Please rob me" sign around your neck. Or, in the case of the net, publishing your login information on the front page of your site.
Friendly reminder that edublogs just removed this feature.
Member — 24th June 2010 (1 year ago) #
Any suggestions? Writing my own plugin isnt really a viable option.
Lead Developer — 24th June 2010 (1 year ago) #
For video embeds:
http://wordpress.org/extend/plugins/vipers-video-quicktags/
Keeper of the Dark Chocolate — 24th June 2010 (1 year ago) #
Actually I was suggesting writing your own only if another plugin wasn;t available. Sorry if I wasn;t clear.
When you say "embed javascript", what specifically are you trying to embed?
Member — 14th July 2010 (1 year ago) #
cancel that..
Member — 14th July 2010 (1 year ago) #
For video embeds (YouTube, Vimeo, Viddler, Hulu, etc.) and some other forms of embedded content (Scribd, PollDaddy, Flickr, etc.) you can enable the oEmbed functionality in WordPress. When enabled, the user only needs to type/paste the URL of the video or other object, and the embed is done automatically. See:
http://codex.wordpress.org/Embeds
If you want to enable this for an oEmbed provider that is not on the default list of supported providers, you can add your own via a function. There is also a function that allows you to add support for a non-oEmbed site.
Keeper of the Dark Chocolate — 14th July 2010 (1 year ago) #
That's still a security risk as you have little to no control over what's getting added from the third party site. It's also a customer service issue as it;s recommended that the content be displayed in an iframe and while some folks have javascripts and embeds blocked for security, they're very more likely to have iframes blocked.
Give the security section a read through about two thirds down:
http://oembed.com/
Member — 14th July 2010 (1 year ago) #
@Dr. Mike
I don't disagree regarding the security risks. However, given the ability to white-list oEmbed providers within the WP system, combined with the ease of use for the feature for end-users, it beats the heck out of using an unfiltered MU approach.
Viper's solution is a very good one for video embeds, and would be my recommendation for someone who wants to provide video embeds without enabling oEmbed.
But oEmbed - to the extent you trust Hulu, Vimeo, Flickr, and other white-listed providers - does offer some level of security management and provides a great deal of flexibility with regard to content types.
For my money, it is (in most cases) an acceptable risk.
Just my $0.02.
Member — 20th July 2010 (1 year ago) #
1. Ok Does anyone have a safe solution for embedding javascript generated from google apis?
This is the code I am trying to embed.
<script src="https://spreadsheets.google.com/gpub?url=http%3A%2F%2Ftbaoebshgeq225lhq2bam0m0a5mf6u0b.spreadsheets.gmodules.com%2Fgadgets%2Fifr%3Fup__table_query_url%3Dhttps%253A%252F%252Fspreadsheets.google.com%252Ftq%253Frange%253DA1%25253AC2267%2526headers%253D-1%2526gid%253D0%2526key%253D0ApT-n-lz0CPidEJkTjRYREx2bklhWW5VaHp1Y3Y4Unc%2526pub%253D1%26up_title%3DInitial%2520Jobless%2520Claim%2520July%25201%252C%25202010%26up__table_query_refresh_interval%3D300%26up_scale%3Dfixed%26up_values_suffix%26up_annotations_width%3D25%26up_display_zoom_buttons%3D1%26up_display_exact_values%3D1%26up_display_annotations_filter%3D1%26up_display_legend_inNewline%3D1%26url%3Dhttp%253A%252F%252Fwww.google.com%252Fig%252Fmodules%252Ftime-series-line.xml&height=400&width=600"></script>2. I'm also trying to embed video code from a trusted source "my private smugmug acount". I currently using the unfiltered mu plugin but would like to use a safer method. Any ideas, or suggestions???
This is an example of the code I'm going to use.
<object width="640" height="360" ><param name="movie" value="http://cdn.smugmug.com/ria/ShizVidz-2010012201.swf" /><param name="allowFullScreen" value="true" /><param name="flashVars" value="s=ZT0xJmk9NzkwNTU1MTIwJms9V01MSzImYT0xMTI3MTQzMF9EQ29NcSZ1PVRMU0dhbGxlcnkmc2U9MCZzbz0wJmhkYj0xJnNiPTEmZnM9MSZsPTAm" /><embed src="http://cdn.smugmug.com/ria/ShizVidz-2010012201.swf" flashVars="s=ZT0xJmk9NzkwNTU1MTIwJms9V01MSzImYT0xMTI3MTQzMF9EQ29NcSZ1PVRMU0dhbGxlcnkmc2U9MCZzbz0wJmhkYj0xJnNiPTEmZnM9MSZsPTAm" width="640" height="360" type="application/x-shockwave-flash" allowFullScreen="true"></embed></object>Using WP3.0 and Buddypress 1.2.5.2
Lead Developer — 20th July 2010 (1 year ago) #
Are you trying to embed it yourself? If so that's easy as Super Admins have the permission already. The trouble is when you want to enable them for other users, which would require a plugin that created a shortcode or something for it.
Keeper of the Dark Chocolate — 20th July 2010 (1 year ago) #
You could always cheat if these embeds will only stay on the main blog and won;t change that often. You can create your own shortcode and add it to the theme's function.php file.
http://codex.wordpress.org/Shortcode_API
Example:
I would think that would work. We do it on our blogs.
Member — 21st July 2010 (1 year ago) #
Thank you for your replies. I am new to all this so I appreciate your help.
@Aaron Yes I am trying to embed the javascript myself as a super admin but it doesn't show up in the post. I am trying to add the following code to my post. It is not remove on the html view but it is not present in the post. Not sure what I am doing wrong here. Please advise.
<script src="https://spreadsheets.google.com/gpub?url=http%3A%2F%2Ftbaoebshgeq225lhq2bam0m0a5mf6u0b.spreadsheets.gmodules.com%2Fgadgets%2Fifr%3Fup__table_query_url%3Dhttps%253A%252F%252Fspreadsheets.google.com%252Ftq%253Frange%253DA1%25253AC2267%2526headers%253D-1%2526gid%253D0%2526key%253D0ApT-n-lz0CPidEJkTjRYREx2bklhWW5VaHp1Y3Y4Unc%2526pub%253D1%26up_title%3DInitial%2520Jobless%2520Claim%2520July%25201%252C%25202010%26up__table_query_refresh_interval%3D300%26up_scale%3Dfixed%26up_values_suffix%26up_annotations_width%3D25%26up_display_zoom_buttons%3D1%26up_display_exact_values%3D1%26up_display_annotations_filter%3D1%26up_display_legend_inNewline%3D1%26url%3Dhttp%253A%252F%252Fwww.google.com%252Fig%252Fmodules%252Ftime-series-line.xml&height=400&width=600"></script>
Become a member