AesopInteractive / lasso

Code Repository for Editus (formerly Lasso) Commercial Plugin
https://edituswp.com
GNU General Public License v2.0
147 stars, 25 forks

Added Code Doesn't Save #113

Closed robmcclel closed 8 years ago

robmcclel commented 8 years ago

@hyunsupul ,

Testing the latest version of Editus -- best yet except for one puzzling problem: If I add code to a post using the <> function, it doesn't stay.

Once added, I can see it and it shows up in the post perfectly -- exactly as expected. I save it, and it still looks good. But, as soon as I refresh the page, publish it, or anything of similar nature, the added code completely disappears like it was never there.

Any ideas?

robmcclel commented 8 years ago

Hi, @hyunsupul , any ideas about this issue?

hyunsupul commented 8 years ago

Hi, sorry, I was traveling when you posted this issue and missed it. I am having a bit of a problem reproducing the issue. Can you give me an example of the code you tried to insert?

robmcclel commented 8 years ago

Sure thing!

It seems to be scrubbing any code I enter -- even those from the back end. Perhaps there is a setting in Editus I have overlooked and it is scrubbing it out when it saves?

One piece of code I'm trying to enter is an Amazon book embed code (iframe), such as:

```html
<iframe type="text/html" width="336" height="550" frameborder="0" allowfullscreen style="max-width:100%" src="https://read.amazon.com/kp/card?asin=B019S9WEHA&preview=inline&linkCode=kpe&ref_=cm_sw_r_kb_dp_Dk0qxb1TK7ACE" ></iframe>
```

But, again, it is even scrubbing pretty much everything, even an html <br> to try and adjust spacing.

hyunsupul commented 8 years ago

I see the issue and I will work on it. Thanks.

hyunsupul commented 8 years ago

Hi wanted to give an update.

I found that the tags are stripped out because Editus uses the wp_kses_post() function to filter the HTML data before saving. The iframe tag was not one of the "allowed tags". I find it strange, since I am sure you can add iframe tags if you edit the posts from the backend. I could remove the call to wp_kses_post, but I am not comfortable doing so without knowing the intent of the original coder. If you have suggestions or ideas I would be happy to hear them.

robmcclel commented 8 years ago

I imagine it's because iframes can be dangerous, as they allow for unregulated code insertion.

However, it's also how Amazon is allowing for book embeds, so it's a big deal for my users.

Do you know why I couldn't add a line space via <br>? That seemed weird. I never noticed it before, until one user wanted to have a double space -- neither of us could make it happen. Not in the front or back ends.

I'm OK with removing it -- or, even better, with providing a method in Editus Settings for me to set the "allowed tags", maybe by a multi-select/checkbox option?

hyunsupul commented 8 years ago

Hi, I will try to release a new version this weekend that addresses this issue.

robmcclel commented 8 years ago

Woot!

hyunsupul commented 8 years ago

Sorry, could not get the new version out last weekend. Had some health issues personally. But I will try to get a new version out asap.

robmcclel commented 8 years ago

No worries - this is far from an emergency. Get your health in order, first.

On May 31, 2016 6:37 AM, "hyunsupul" notifications@github.com wrote:

> Sorry, could not get the new version out last weekend. Had some health issues personally. But I will try to get a new version out asap.


hyunsupul commented 8 years ago

Hi, this PHP code (you can add it to your theme's functions.php or use a custom PHP plugin) would allow the iframe tag. This would be a workaround before a new release of Editus.

```php
function editus_filter_allowed_html($allowed){
    if ( !current_user_can( 'publish_posts' ) )
        return $allowedposttags;

    $allowed['iframe']=array(
        'align' => true,
        'width' => true,
        'height' => true,
        'frameborder' => true,
        'name' => true,
        'src' => true,
        'id' => true,
        'class' => true,
        'style' => true,
        'scrolling' => true,
        'marginwidth' => true,
        'marginheight' => true,
    );
    return $allowed;
}

add_filter ( 'wp_kses_allowed_html', 'editus_filter_allowed_html', 1,1 );
```

robmcclel commented 8 years ago

Cool, thanks!

On Jun 6, 2016 12:23 PM, "hyunsupul" notifications@github.com wrote:

> Hi this php code (you can add this to your theme's functions.php code or using a custom PHP plugin) would allow iframe tag. This would be a workaround before a new release of Editus.
>
> ```php
> function editus_filter_allowed_html($allowed){
>     if ( !current_user_can( 'publish_posts' ) )
>         return $allowedposttags;
>
>     $allowed['iframe']=array(
>         'align' => true,
>         'width' => true,
>         'height' => true,
>         'frameborder' => true,
>         'name' => true,
>         'src' => true,
>         'id' => true,
>         'class' => true,
>         'style' => true,
>         'scrolling' => true,
>         'marginwidth' => true,
>         'marginheight' => true,
>     );
>     return $allowed;
> }
>
> add_filter ( 'wp_kses_allowed_html', 'editus_filter_allowed_html', 1,1 );
> ```


hyunsupul commented 8 years ago

Sorry, there was an error in the third line of the code. It should be like this:

```php
function editus_filter_allowed_html($allowed){
    // Leave the allowed tags unchanged for users who cannot publish posts.
    if ( !current_user_can( 'publish_posts' ) )
        return $allowed;

    // Attributes that kses will keep on an <iframe> tag.
    $allowed['iframe']=array(
        'align' => true,
        'width' => true,
        'height' => true,
        'frameborder' => true,
        'name' => true,
        'src' => true,
        'id' => true,
        'class' => true,
        'style' => true,
        'scrolling' => true,
        'marginwidth' => true,
        'marginheight' => true,
    );
    return $allowed;
}

add_filter ( 'wp_kses_allowed_html', 'editus_filter_allowed_html', 1,1 );
```
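A narrower variant of the workaround in this thread, added here as an example and not taken from the Editus code base or from either commenter: it allows `<iframe>` only in the `post` context that `wp_kses_post()` uses and removes `src` from any iframe whose host is not on an allowlist. The `example_*` names and the host list are hypothetical, and it assumes WordPress 6.2 or later for `WP_HTML_Tag_Processor`.

```php
<?php
// Added example. Hosts allowed as iframe sources; read.amazon.com comes from
// the embed quoted in the thread, anything else is the site owner's choice.
const EXAMPLE_IFRAME_HOSTS = array( 'read.amazon.com' );

// Allow <iframe> only in the 'post' context and only for users who can publish.
function example_allow_iframe( $allowed, $context ) {
    if ( 'post' !== $context || ! current_user_can( 'publish_posts' ) ) {
        return $allowed;
    }
    // Deliberately short attribute list; srcdoc is absent, so kses strips it.
    $allowed['iframe'] = array(
        'src' => true, 'width' => true, 'height' => true,
        'frameborder' => true, 'allowfullscreen' => true, 'style' => true,
    );
    return $allowed;
}
add_filter( 'wp_kses_allowed_html', 'example_allow_iframe', 10, 2 );

// True only for https URLs whose host is on the allowlist.
function example_iframe_src_ok( $src ) {
    if ( ! is_string( $src ) ) {
        return false; // missing or valueless src attribute
    }
    $parts = wp_parse_url( trim( $src ) );
    return is_array( $parts )
        && isset( $parts['scheme'], $parts['host'] )
        && 'https' === strtolower( $parts['scheme'] )
        && in_array( strtolower( $parts['host'] ), EXAMPLE_IFRAME_HOSTS, true );
}

// Runs inside wp_kses() before tag filtering: drop src from any iframe that
// points elsewhere, so the tag survives but loads nothing.
function example_restrict_iframe_src( $content, $allowed_html ) {
    if ( 'post' !== $allowed_html || false === stripos( $content, '<iframe' ) ) {
        return $content;
    }
    $tags = new WP_HTML_Tag_Processor( $content );
    while ( $tags->next_tag( 'iframe' ) ) {
        if ( ! example_iframe_src_ok( $tags->get_attribute( 'src' ) ) ) {
            $tags->remove_attribute( 'src' );
        }
    }
    return $tags->get_updated_html();
}
add_filter( 'pre_kses', 'example_restrict_iframe_src', 10, 2 );
```

The `src` check runs on the markup before kses parses it, so a `frame-src` Content-Security-Policy on the pages that render posts remains a useful second layer.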