Embedding Video

Posted: Sun Oct 19, 2008 8:53 am

I apologize in advance if I missed something, or posted this in the wrong place, but I searched and cant find how this can be embedded into a post in my site's forums. I can add youtube stuff, but I can't figure this one out.

Quote:

Any help? Everything that I try just shows the code in the post.

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Iframes are dangerous. Is there a way you can use object tags with msnbc content?

Worker Joined: Oct 05, 2003 Posts: 107 Location: Illinois

kguske is right, I removed the web bbcode from the advanced bbcode addon due to the extreme security vulnerability of that addon. They can inject pretty much any hack into a web script and add it to your site.

Client Joined: Jan 29, 2004 Posts: 624

Does this explain why I can't embed iframe videos into stories in RavenNuke 2.5? I should use the object format instead?

Posted: Sat Jan 28, 2012 10:00 am

I would have to think this is once again the $allowablehtml array which does not allow for iframe, and shouldn't. Were you able to to do this prior to 2.5?

If so, that's kinda strange since we actually expanded the $allowablehtml array from the prior version. Makes me wonder if we had been properly filtering before..

Posted: Sat Jan 28, 2012 11:55 am

Dacubz wrote:

I apologize in advance if I missed something, or posted this in the wrong place, but I searched and cant find how this can be embedded into a post in my site's forums. I can add youtube stuff, but I can't figure this one out.

Quote:

Any help? Everything that I try just shows the code in the post.

Knock yourself out. Here is the object code you need to put into the SOURCE of the news item you want it to show in.

Code:

<object width="425" height="300" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="msnbc1b190c">


<param value="http://www.msnbc.msn.com/id/32545640" name="movie" />


<param value="launch=27265490&amp;width=425&amp;height=300" name="FlashVars" />


<param value="always" name="allowScriptAccess" />


<param value="true" name="allowFullScreen" />


<param value="transparent" name="wmode" /> <embed width="425" height="300" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" wmode="transparent" allowfullscreen="true" allowscriptaccess="always" flashvars="launch=27265490&amp;width=425&amp;height=300" src="http://www.msnbc.msn.com/id/32545640" name="msnbc1b190c"></embed></object>

Tested on my site and working... it's embedded.

Edit.... Sheesh... i'm behind the curve.

Posted: Sat Jan 28, 2012 12:31 pm

spasticdonkey wrote:

I would have to think this is once again the $allowablehtml array which does not allow for iframe, and shouldn't. Were you able to to do this prior to 2.5?

If so, that's kinda strange since we actually expanded the $allowablehtml array from the prior version. Makes me wonder if we had been properly filtering before..

Yes, prior to RavenNuke 2.5 I was able to embed iframe videos like YouTube. I thought this was due to posting stories as admin, since admin overrides $allowablehtml. I could post javascript too which is not in $allowablehtml.

Posted: Sat Jan 28, 2012 12:42 pm

Yeah I could be wrong about that. I was drawing conclusions from another recent thread. I'll try out some things when I get a chance.... but having one of those mornings where I'm not getting much accomplished.. I guess it IS Saturday Smile

So killing-hours, did your code work?

Posted: Sat Jan 28, 2012 5:17 pm

southern, can you post an example of what you are trying to post?

Posted: Sat Jan 28, 2012 5:53 pm

southern, this has to do with filtering added in 2.5. It seems to be to strict for admins. I will get back to you.

Posted: Sat Jan 28, 2012 8:01 pm

Palbin wrote:

southern, can you post an example of what you are trying to post?

Just the typical YouTube embed code:

Code:




<iframe width="420" height="315" src="http://www.youtube.com/embed/JkNZjDM_FQI" frameborder="0" allowfullscreen></iframe>

YouTube offers the old style object embed too, so I can use that.

There are other embed codes that I need for stories, MRCTV:

Code:




<iframe title="MRC TV video player" width="640" height="360" src="http://www.mrctv.org/embed/108849" frameborder="0" allowfullscreen></iframe>

When I put these in the Source of FCKEditor and switch back to WYSIWYG they show but in Preview the the videos disappear.

Posted: Sun Jan 29, 2012 10:55 am

southern, open modules/News/admin/index.php. Do a find and replace of:

Code:




check_html($hometext, '')

to:

Code:




check_html($hometext, 'nocheck')

and also the following

Code:




check_html($bodytext, '');

to:

Code:




check_html($bodytext, 'nocheck');

Posted: Sun Jan 29, 2012 12:31 pm

Thanks, Palbin. Smile

I'll do this ASAP.

Worker Joined: Apr 17, 2011 Posts: 117 Location: Amsterdam

Palbin wrote:

southern, open modules/News/admin/index.php. Do a find and replace of:

Code:




check_html($hometext, '')

to:

Code:




check_html($hometext, 'nocheck')

and also the following

Code:




check_html($bodytext, '');

to:

Code:




check_html($bodytext, 'nocheck');

is this not bad? I mean I want to add it but I am afraid to delete the html check...

Posted: Sat Sep 22, 2012 1:50 pm

It is only bad if an unauthorized person gets into your administration, but at that point they have all your users etc. I would have no problem doing it to a live site that I own.

Posted: Mon Jun 03, 2013 9:36 am

Quote:

Just the typical YouTube embed code:

Code:




<iframe width="420" height="315" src="http://www.youtube.com/embed/JkNZjDM_FQI" frameborder="0" allowfullscreen></iframe>

YouTube offers the old style object embed too, so I can use that.

There are other embed codes that I need for stories, MRCTV:

Code:




<iframe title="MRC TV video player" width="640" height="360" src="http://www.mrctv.org/embed/108849" frameborder="0" allowfullscreen></iframe>

When I put these in the Source of FCKEditor and switch back to WYSIWYG they show but in Preview the the videos disappear.

Involved Joined: Nov 19, 2003 Posts: 282

Palbin wrote:

southern, open modules/News/admin/index.php. Do a find and replace of:

Code:




check_html($hometext, '')

to:

Code:




check_html($hometext, 'nocheck')

and also the following

Code:




check_html($bodytext, '');

to:

Code:




check_html($bodytext, 'nocheck');

Is there a way to do this for the content module?

registered · Site Admin Joined: Aug 22, 2007 Posts: 1775

Open rnconfig.php and find:

php Code:

'img' => array('class' => 1, 'style' => 1, 'id' => 1, 'alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),

addd after:

php Code:

'iframe' => array('class' => 1, 'style' => 1, 'id' => 1, 'scrolling' => 1, 'src' => 1, 'frameborder' => 1, 'width' => 1, 'height' => 1),

After that you can add the iframe tag in the source-tab of the editor. I'm working with the CK editor and have never tried the old FCK editor along this way but it should work.

Here is a related issue if users can also use the iframe tag: http://www.ravenphpscripts.com/ftopicp-164397.html#164397

The nocheck-way is not really the best way because you will tunnel the whole filtering for the passed variable!

Posted: Fri Aug 19, 2016 1:10 pm

neralex wrote:

Open rnconfig.php and find:

php Code:

'img' => array('class' => 1, 'style' => 1, 'id' => 1, 'alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),

addd after:

php Code:

'iframe' => array('class' => 1, 'style' => 1, 'id' => 1, 'scrolling' => 1, 'src' => 1, 'frameborder' => 1, 'width' => 1, 'height' => 1),

After that you can add the iframe tag in the source-tab of the editor. I'm working with the CK editor and have never tried the old FCK editor along this way but it should work.

Here is a releated issue if users can also use the iframe tag: http://www.ravenphpscripts.com/ftopicp-164397.html#164397

The nocheck-way is not really the best way because you will tunnel the whole filtering for the passed variable!

THANK YOU Neralex! worship

I have done it your way and restored the previous changes that Palbin suggested. Your way seems to work perfectly! I did have to add some tags there though .. i.e. allowfullscreen, mozallowfullscreen, etc.