Closed domstubbs closed 6 years ago
@domstubbs This looks good… Can you just double check for me that changing the embed raw input on an existing entry still saves. I'm 99.99% sure it will as we parse the raw input when the data is normalised on post.
https://github.com/newism/craft3-fields/blob/master/src/fields/Embed.php#L104
Ah I didn’t spot that you were doing that.
I’ve just double checked and populating/removing/replacing URLs still works as normal, so we’re all good.
Thanks for a really useful plugin. I’m using the Embed fields and noticed that when I saved an entry with a Vimeo embed in Safari the preview failed to render when the page reloaded. This was coupled with an error in the console:
It looks as though the XSS auditor is picking up on the fact that the Embed Data preview field contains iframe code that is POSTed with the save request, then it detects that Craft tries to output said iframe on the next page, which seems fishy, so it refuses to display the iframe.
Disabling the preview field prevents it from being POSTed and fixes the XSS error, so previews work reliably.