[Elgg 1.8-1.12 & 2.X & 3.X: Extended TinyMCE] vr21

Release Notes


  • Updated to version 4.0.1 of the TinyMCE editor.
  • For backward compatibility with version 3 of the editor, the folder extended_tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/emotions/img contains the emoticon images at the location where they were available before.
  • When I try to embed some YouTube videos this whole code disappears:

    <iframe src="http://www.youtube.com/embed/LtBNKQK8MtE" frameborder="0" width="425" height="350"></iframe>

    I guess htmlawed censors the code. Too bad, I liked the embed-plugin in TinyMCE. Any way to work around the problem without creating a huge vulnerability?

  • I replaced this code in htmlawed:

    unset($e['applet'], $e['embed'], $e['iframe'], $e['object'], $e['script']);

    with this code:

    unset($e['applet'], $e['embed'], $e['object'], $e['script']);

    And embed is now working.

  • @Darth Vader: I don't know if this is the best way to allow embedding of videos while at the same time not reducing safety. Basically, you now allow ANY iframes to be embedded. Most likely you can configure htmlawed more specifically to allow for only specific iframes from specific domains to be embedded, but I don't know enough about htmlawed to give you any advice here.

    Another possibility might be using, for example, the Embed Extender plugin that parses the content and automatically converts video URLs to embedded videos. So, there would be no need to touch htmlawed at all.
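
The domain restriction raised in the last comment, as an added example that is not part of the thread and is not htmLawed, Elgg or plugin code: a check that accepts an iframe `src` only for an exact host and embed path. The function name, host list and path patterns are assumptions, and it expects the already-decoded attribute value; wiring it into the sanitizer is left to the site's own filter configuration.

```php
<?php
// Added example (hypothetical names): allowlist check for iframe sources.
// Hosts and path patterns are assumptions; list only players you trust.
const IFRAME_ALLOWLIST = [
    'www.youtube.com'          => '#^/embed/[A-Za-z0-9_-]+$#',
    'www.youtube-nocookie.com' => '#^/embed/[A-Za-z0-9_-]+$#',
    'player.vimeo.com'         => '#^/video/[0-9]+$#',
];

function is_allowed_iframe_src(string $src): bool
{
    $parts = parse_url(trim($src));
    // Relative, protocol-relative and malformed URLs have no scheme/host/path.
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    // Only web schemes; rejects javascript:, data: and similar.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Userinfo or an explicit port is never needed for these players and is
    // the usual way to disguise the real host (trusted.host@other.host).
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false;
    }
    // Exact host match: no suffix or substring matching.
    $host = strtolower($parts['host']);
    if (!array_key_exists($host, IFRAME_ALLOWLIST)) {
        return false;
    }
    return preg_match(IFRAME_ALLOWLIST[$host], $parts['path']) === 1;
}

// Constructed sample inputs; the first is the URL from the thread.
$samples = [
    'http://www.youtube.com/embed/LtBNKQK8MtE',              // allowed
    'https://www.youtube.com.attacker.example/embed/abc',    // look-alike host
    'https://www.youtube.com@attacker.example/embed/abc',    // userinfo trick
    '//www.youtube.com/embed/abc',                           // no scheme
    'javascript:alert(1)',                                   // script scheme
    'https://www.youtube.com/redirect?q=https://x.example',  // wrong path
];
foreach ($samples as $s) {
    printf("%-58s %s\n", $s, is_allowed_iframe_src($s) ? 'allow' : 'drop');
}
```

Only the first sample is allowed. A filter built on this would drop the whole `<iframe>` element when the check fails, rather than try to repair the URL.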


