While it is good security practise to prevent arbitary HTML embeds inside posts, it is also restricting me as an admin from embedding iframes and some videos which are not yet onebox supported. I would like the functionality to embed simple html like iframes as an admin user.
Can anyone help me on how to enable this functionality? And how many users here would like a similar setting to whitelist some html tags for the admin in settings?
Searching for a solution to the same problem as @envieme I found this thread and also the other thread with the simple whitelisting plugin.
But as far as I’m concerned, the plugin does not solve the base problem: On the one hand, I don’t know what I’m going to post in the future (and updating the plugin all the time is a hassle). On the other hand, I don’t want to grant all users the ability to use the same iframes as me.
As an admin, I know exactly what I do and I should not be restricted by content filtering. So it would be nice to have either a plugin or a setting to disable whitelist-checking for admin accounts.
I agree that the whitelist-iframe plugin isn’t a great solution. I just noticed that the plugin has been forked 42 times, so there is a demand to be able to add iframes to posts. I think that for most cases it would be sufficient if this was something that could only be done by admins.
<iframe>s can now be whitelisted through the
allowed_iframes Site Setting. It accepts a list of iframe src domain prefixes that Discourse can safely allow in posts.