Introduction with tinymce and iframes questions

Hi all,

Recently found Elgg when doing some research for my first social networking site and was most impressed!

The site is for players of World of Warcraft mostly intended at this point to get my guild members more interactive with each other outside of the game but bringing them together over a common hobby.

My questions are in relation to tinymce - in particular with the anytext mod, ill jump right into it.

1) WoW offers players the ability to place a detailed character image on websites via iframe tags, from looking around the site some people seem wary of allowing people to do this - is this a security concern in general?

2) After installing the anytext mod and attempting to insert the iframe tags it became apparent that to use it the add/remove editor button had to be selected to remove the editor for it to work as I need - is there a way to have the editor removed on initial load so that users are able to simply paste in the iframe data?

If anyone is curious the site is www.TheWarcraftClub.com a direct link to a profile using the anytext mod with iframe (the character model on the right) is http://thewarcraftclub.com/pg/profile/Wektis  

Just a basic site at the moment currently working on functionality!

  • Allowing arbitrary insertion of iframes (or javascript) is very insecure and by default Elgg will filter them out.  What is usually done in this case is something similar to an SQL prepared query.  You have an input box for the user to enter his character's name (or id, or however the iframe's address differentiates the characters) and upon output display the hard-coded URL with the character name inserted into the correct spot.

    For the second question, change the input type from longtext to text and it will not have TinyMCE.

  • Thank you very much for the response Brett, I'll have a play as soon as I get back home