`iframes` not loading in LMS

[ShreehariVaasishta]

I'm using this markdown-xblock in my OpenEdx. I did find one issue when using iframe. The whole content of that particular component does not load in MFE LMS if i add an iframe in the markdown. Lets say i embed a youtube video

<iframe width="560" height="315" src="https://www.youtube.com/embed/jZGjzngtdRc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

The component does not load in MFE LMS, but loads in the legacy LMS.

I'm using the tutor and have added git+https://github.com/citynetwork/markdown-xblock.git@v1.1.1 in private.txt. The component renders fine in the CMS, but not on LMS.

I'm not entirely sure if this is occurring due to OpenEdx or this X-block.

[mrtmm]

@ShreehariVaasishta thank you for the report. This is long overdue but I have looked into this now and I was able to reproduce the issue you were describing.

For what it's worth, iframes do work with this XBlock in the Learning MFE; However, as it depends on allowing inline HTML, you'll need to disable the safe_mode. In a Tutor environment you'll need a plugin for this. An example yaml plugin would be as follows:

name: markdown
version: 1.0.0
patches:
  openedx-common-settings: |
    XBLOCK_SETTINGS["markdown"] = {
        "safe_mode": False
    }

With that said, I see that when safe_mode is enabled and you try to add an iframe to your content, the whole component breaks. This is indeed a bug, the expected behaviour would be for you to see the iframe replaced with [HTML_REMOVED] and any other non-iframe content should still be loaded. I am not sure yet if this needs to be fixed in this XBlock or in the Markdown2 library, I will look into that in more detail.