iframe stripped it page view

[mofetdanielsmolkin]

Hello,

We have an issue that when we add and embed iframe tag it is stripped from the view state though it remains and visible in edit state in atto editor.

after some code research, i've i found that there is call for "format_text" moodle core function that strips iframe tags.

file: mod/ouwiki/locallib.php line: 965

please note:

that the embedded iframes are enabled in moodle security settings and when i adding embedded iframes through mod_page it works very well.

only in ouwiki view state they are stripped.

[jason-platts]

You would need the config setting enabletrusttext set (and forceclean not set) in order for format_text to not strip out iframes (as otherwise Moodle will 'clean' the text input).

These settings are not recommended as they expose your site to security risks.

Page is forcing non-cleaning of text, that is why that works for you (arguably this is a bug in Page) - but this is not advisable for wikis as the idea is that 'non-trusted' users are allowed to contribute...