iFrames stripped out and additional tags

Hello,

How can I get a copy of the additional tags plugin? Does it still work with 3.4.2?

I read that additional tags plugin was no longer supported, but we need users to be able to embed iframe videos (not YouTube and not a video source supported by any video embedding plugins) and I prefer a solution that does not require wrapping the embed code in a shortcode.

Is there a new and improved approach to solving this issue?

Thanks,
Phil D

P.S. Is there any particular reason that the drop down list of plugins on this page is presented in no apparent order? I STRONGLY vote for them to appear alphabetized in the drop down list.

There needs to be an "other" option when creating a post like this that deals with a plugin but not any of the current WPMUDEV plugins.

  • aecnu

    Greetings Phil D,

    Thank you for the great questions and feedback.

    What additional tags plugin?

    I have searched the available plugins and cannot find any reference to it at all?

    but we need users to be able to embed iframe videos (not YouTube and not a video source supported by any video embedding plugins) and I prefer a solution that does not require wrapping the embed code in a shortcode.

    I think that it is possible that Ultimate TinyMCE plugin may indeed work for this claiming one can just insert video URL's and they supposedly work.

    Regarding the feature request, that should certainly be in its own post/ticket.

    Please advise if the Ultimate TinyMCE allows you to embed your video code.

    Cheers, Joe

  • SooBahkDo

    Hello,

    We have Ultimate TinyMCE Pro installed on a WP3.4.2 installation with about 70 sites.

    Let me clarify that its the default WordPress stripping (from what I have read) that occurs on a Multisite Installation for all users but the Network Super Admin which I am seeking to modify. http://codex.wordpress.org/Roles_and_Capabilities
    http://wordpress.org/extend/plugins/filtered-html-for-editors/faq/

    I am seeking to give administrators and authors on each subsite the ability to embed iframes. Or I would create a special role with a role manger plugin and assign that role to all approved users but that seems a bit labor intensive.

    Typical solutions suggested are the two year old plugin "Unfiltered MU" (which many report ceased working at 3.0), and an old unsupported WPMUDEV plugin called Additional Tags that let site owners define additional tags users could use in HTML markup. https://premium.wpmudev.org/forums/topic/additional-tags-plugin

    Also hacking the kses was suggested (but highly advised against) and then of course there are all the plugins that use oEmbed to insert videos from trusted sources, toolbar video and media embed buttons like those on Ultimate TinyMCE and adding additional trusted oEmbed sources to functions.php.

    Adding additional trusted sources could cover some instances but not all and the modified file would get overwritten with a WP upgrade, sooooooo
    http://codex.wordpress.org/Embeds

    Our WP Network is semi-private and users are verified, so I am interested in allowing users of a trusted role to embed unfiltered HTML (specifically iframe content) from whatever source they want.

    I grasp the security issues involved and I would think that a TinyMCE editor plugin or a dedicated special plugin would exist to manage this.

    The goal is simple, - on a WP Multisite installation with trusted users, grant selected user roles (primarily subsite admins) the ability in the editor to embed unfiltered HTML so that switching between visual and HTML in the editor does not strip out iframes, etc.

    Is this a pipe dream?

    Thanks!
    Phil D

  • aecnu

    Greetings Phil D,

    Thank you for the great additional input, it is very helpful and clarifying to include routes you have already considered.

    As we know by default WordPress editor does not allow html tags to include iframes which will be stripped out by the editor.

    The code below will force the editor to accept more tags. Just paste it into your theme functions.php file, save it, and you’re done.

    function fb_change_mce_options($initArray) {
    	$ext = 'pre[id|name|class|style],iframe[align|longdesc| name|width|height|frameborder|scrolling|marginheight| marginwidth|src]';
    
    	if ( isset( $initArray['extended_valid_elements'] ) ) {
    		$initArray['extended_valid_elements'] .= ',' . $ext;
    	} else {
    		$initArray['extended_valid_elements'] = $ext;
    	}
    
    	return $initArray;
    }
    add_filter('tiny_mce_before_init', 'fb_change_mce_options');

    Or for even more advanced tag allowance:

    function fb_change_mce_options($initArray) {
        // Comma separated string od extendes tags
        // Command separated string of extended elements
        $ext = 'pre[id|name|class|style],iframe[align|longdesc|name|width|height|frameborder|scrolling|marginheight|marginwidth|src]';
        if ( isset( $initArray['extended_valid_elements'] ) ) {
        $initArray['extended_valid_elements'] .= ',' . $ext;
        } else {
        $initArray['extended_valid_elements'] = $ext;
        }
        // maybe; set tiny paramter verify_html
        //$initArray['verify_html'] = false;
        return $initArray;
        }
        add_filter('tiny_mce_before_init', 'fb_change_mce_options');

    Please advise if this indeed does the job for us.

    Cheers, Joe

  • SooBahkDo

    Hi Joe,

    Thanks very much for the reply.

    Is it possible to incorporate such code in a plugin.

    The problem with manual modifications to theme function files WP Multisite is we have over 300 themes and manual edits will get overwritten with updates.

    Can the functionality of the code you provided be incorporated in a plugin?

    Such a plugin might then be a premium feature on ProSites and/or activated site by site for only trusted users on a WP network.

    I though this functionality was what Additional Tags plugin provided and am not sure why it was abandoned. Perhaps someone could provide a copy of it unless it is known to be broken at WP3.4.2.

    Thanks,
    Phil D

  • aecnu

    Greetings Phil D,

    Thank you for your additional comments and yes I do understand the logic behind making it a plugin if possible - in which I will give it a shot and hopefully find the time to do so before the weekend is over as custom coding and making plugins are not part of my support mandate, but as you know we do try to help if we can.

    However, before I try to make this a plugin, could you please test this code on one of your sites to see if it indeed gives the anticipated reaction before we jump in too deep with possibly a plugin that does not work?

    Things on a development server do not always work the same once the hit the wild.

    Please advise.

    Cheers, Joe

  • SooBahkDo

    Hello Joe,

    Thanks for the offer to "plug-in-nize" the code. :slight_smile:

    I am trying out a couple of existing plugins before you go to that trouble.

    Inspecting the code in each of the following, it seems that "unfiltered MU" is the most sophisticated, so I am trying it out out now and will report back.

    unfiltered MU
    http://wordpress.org/extend/plugins/unfiltered-mu/

    Allow iframes
    http://www.topspinmedia.com/

    TSL iframe unfilter

    It also seems to me that since the embedding of iframes, etc. is a security issue, then extending that privilege on Multisite Networks to specific authenticated and trusted users (trusted subsite Admins) via a plugin (Premium plugin on Pro Sites) is a reasonable need.

    The use of shortcodes to wrap iframes, etc appears to be the preferred solution and I understand that, but it seems like giving subsite admins embedding privileges should be close enough to a core feature as to not require shortcodes to accomplish.

    One workaround I employed while exploring a solution was to use the Extended Super Admin plugin by Curtiss Grymala to create a new user role and preserve unfiltered html privileges for that new role and then assign it to subsite admins or other users needing iframe embedding privileges.

    http://wordpress.org/extend/plugins/extended-super-admins/

    Using this approach we can change the role of trusted authenticated users so they have unfiltered html privileges and no plugin is required except the Extended Super Admin plugin. However, this solution still requires the Network Super Admin modify the user role of every user on every subsite who deserves the ability to embed iframes.

    A PLUGIN specifically for granting iframe embed privileges might be a superior solution if it could also allow subsite admins to selectively grant unfiltered html privileges to trusted authenticated users on their subsites. Currently, those privileges are restricted to Super Admins unless the plugin addresses that as well.

    Or perhaps I am trying to accomplish this goal at the wrong level and use of a plugin that generates shortcode wrappers to enable iframe embedding is superior.

    I can see that if a particular subsite user is employing a plugin that generates shortcodes to wrap an irafme and that user happened to go rogue or embed malicious code, then the Admin or Super Admin could disable the plugin and kill the code that had been embedded, where as if the same user embeds malicious code that is not wrapped in shortcodes then the implications may be different.

    Thoughts? Suggestions?

    Later on I'll report back about the pros and cons of the unfiltered mu experience compared to the Extended Super Admin solution.

  • aecnu

    Greetings Phil D,

    Thank you for that very detailed explanation and information, it is great.

    This indeed has brought to my mind the Advanced Access Manager plugin which may indeed allow simple "authorization" to certain roles for iframe embedding or raw html.

    I have also read elsewhere that some folks just disable the visual editor and that the html editor straight does not strip the code, though I have never tested it using an iFrame.

    Looking forward to your results in any event and thank you once again for those great details.

    Cheers, Joe

  • SooBahkDo

    Hello,

    After much consternation and confusion regarding this issue I finally came to understand that the symptom of iframes being stripped when switching between visual and html mode and saving posts was actually specific to multisite installations due to core level multisite security precautions and role permissions.

    On single site wordpress installs the Admin user has the unfiltered_html capability by default which allows use of iframes in posts.

    However on Multisite installations, subsite Admin users DO NOT HAVE unfiltered_html capabilities.

    This was a point of confusion for me until I read the following:

    RE: Multisite:
    http://codex.wordpress.org/Roles_and_Capabilities

    Administrator
    The capabilities of Administrators differs between single site and Multisite installations.

    So, I adopted a different approach and installed Capability Manager and Extended Super Admins network wide to assign unfiltered_html capability to specific user roles roles.

    I also tested Role Scoper and other user role managers and most allowed turning on unfiltered_html for selected user roles.

    A role manager solution provides a finer grained level of control over who can add unfiltered_html on a network than do some of the other solutions like Automattic's unfiltered_html plugin.

    Using Capabilities Manger or a role manager, a network admin can create a specific role with unfiltered_html capabilities and then elevate trusted users to that role while preserving the restrictions on all other users including all unknown or untrusted subsite Admins on the multisite network.

    Providing unfiltered_html capability to a user role eliminates the iframe stripping issue for users with that role when they are switching between visual and html mode in the editor and when saving posts that contain iframes.

    Maybe clarification of what is actually happening will help someone else avoid chasing their tail like I did and come to a rapid solution when confronted with the issue.

    Phil D

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.