What do I need to do to enforce all iFrames are run in the sandbox mode?
An example being that I insert a YouTube video link inside of the TimeMCE editor (Embed). After clicking okay the embed iframe is generated in the source.
I want to modify this output. It seems like https://www.youtube.com/oembed is being called when I put the link in TinyMCE Embed dialog and the resulting xml gives what is saved.
This is what I would like to be the generated source:
If you go to the /config/TinyMceEditorConfig.config you should be able to add the "sandbox" attribute to the allowed attributes for the <iframe> element.
When you have done that make sure to recycle the app pool in order for the changes to take effect.
Thanks Jan, I was aware of that part. What I want to do is have it written by default in my application. Some users do not have access to the HTML of TinyMCE and therefore would not be able to add the attribute. Am I correct here?
I thought an approach like this would likely be it. I'll take it.
Can you provide clarrification on "instead of using the default embed option"? Once done, should I just overwrite the YouTube providers type in EmbededMedia.config and point it to my new type or something else?
In Umbraco 7 there is an "embed" option in the rich text editor - I assumed that was the one you're currently using? However I'd still suggest you go with your own macro.
No, if you make a partial macro using Razor then you don't need to make any changes to the EmbededMedia.config file since you will keep your logic in the partial razor macro.
TinyMCE Video Configuration
What do I need to do to enforce all iFrames are run in the sandbox mode?
An example being that I insert a YouTube video link inside of the TimeMCE editor (Embed). After clicking okay the embed iframe is generated in the source.
This is the generated source:
I want to modify this output. It seems like https://www.youtube.com/oembed is being called when I put the link in TinyMCE Embed dialog and the resulting xml gives what is saved.
This is what I would like to be the generated source:
Do I need to write my own AbstractProvider that will do this or can someone point me to where this can be done?
Hi Jerode
If you go to the /config/TinyMceEditorConfig.config you should be able to add the "sandbox" attribute to the allowed attributes for the
<iframe>element.When you have done that make sure to recycle the app pool in order for the changes to take effect.
Hope this helps!
/Jan
Thanks Jan, I was aware of that part. What I want to do is have it written by default in my application. Some users do not have access to the HTML of TinyMCE and therefore would not be able to add the attribute. Am I correct here?
Hi Jerode
Yes that's correct if some users are not able to edit the HTML then they won't be able to add the attribute.
What version of Umbraco are you using btw?
/Jan
Currently using 7.2 and plan on updating to the 7.2.1 patch later today.
Hi Jerode
Ok - Well perhaps you should consider making your own macro for inserting the youtube videos instead of using the default embed option.
By making your own macro for embedding youtube videos you could have the following parameters
url (textstring) with (textstring) height (textstring) constrain (true/false) sandbox (true/false)
Then based on the params you can output the desired markup for the iframe.
Hope this makes sense.
/Jan
I thought an approach like this would likely be it. I'll take it.
Can you provide clarrification on "instead of using the default embed option"? Once done, should I just overwrite the YouTube providers type in EmbededMedia.config and point it to my new type or something else?
Hi Jerode
In Umbraco 7 there is an "embed" option in the rich text editor - I assumed that was the one you're currently using? However I'd still suggest you go with your own macro.
No, if you make a partial macro using Razor then you don't need to make any changes to the EmbededMedia.config file since you will keep your logic in the partial razor macro.
Hope this makes sense.
/Jan
Thanks for the prompt replies.
is working on a reply...