Yes, that doesn’t work anymore. If you clone the whitelist-iframe repo and add this line to the bottom of the whitelist-iframe.js.es6 file, it should work for you:
and it works. But it’s not perfect yet because it is not strictly limited to real google TLDs, which is a security issue. With the domains included by default, this has been solved by limiting them to the .com TLD. But at least in the case of Youtube this is too narrow.
I am not a RegEx expert and was not able to figure out how to specify a list of allowed TLDs. Anyone?
Sorry, I don’t understand. As far as I understood, @tophee was looking for a way to restrict the fuzzy match above to a concrete list of TLDs. google.community doesn’t appear to resolve to anything, but if @tophee wants to whitelist it anyways, adding it to the list like (com|de|org|community) should work, right?
Yes. You can’t use a style attribute - it gets stripped out by Discourse. Also, the script tag will be stripped out. You don’t need it for displaying the iframe.
The height has to be set to a fixed number. I think the only attributes you can use are width, height, and frameborder. Try something like:
Considering the length of that list, I almost think the simple fuzzy match option might actually be better that including the whole list in your regex. The most pragmatic approach is probably to pick a few TLDs based on where your membership sits and add more based on complaints. It’s really only an issue for highly international communities anyway.
If you’re using a fork of the Iframe Whitelist plugin with Discourse 1.9.0, you’ll need to sync your fork with the latest version, found here: https://github.com/scossar/whitelist-iframe.
For anyone using the whitelist-iframe plugin, it is broken on the latest version of Discourse (1.9.0.beta8.) There is now an allowed iframes setting on the Discourse settings page. Remove the whitelist-iframe plugin and add any iframe sources you would like to whitelist to that setting.