WhiteList Iframe from facebook not show

Normal. I use plugin https://github.com/evil-shrike/discourse-whitelist-iframe.git
I insert
<iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fseen.everything%2Fvideos%2F1221002978004237%2F&show_text=0&width=400" width="400" height="400" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowTransparency="true" allowFullScreen="true"></iframe>

VDO can work. After last update Version v1.9.0.beta4
plugin https://github.com/evil-shrike/discourse-whitelist-iframe.git error “https://eleceasy.com/assets/plugin-third-party…”

I try plugin other

https://github.com/hiveeyes/discourse-whitelist-iframe.git
https://github.com/looker/discourse-whitelist-iframe.git
https://github.com/evil-shrike/discourse-whitelist-iframe.git
https://github.com/VinkasHQ/discourse-facebook-onebox.git

not work.
How can i fix it. Thank you very much

That plugin is likely broken; contact the author.

1 Like

Thanks! I wrote the original version of that plugin. It looks like the problem with the latest version of Discourse is that that Discourse.dialect_depreciated is no longer defined. I’ve pushed a fix to my repo that should take care of the problem.

To use it with the facebook URL, you’ll need to clone the repo and add the facebook URL to the list of whitelisted iframes. You can copy how to do that from one of the repos you listed above.

This plugin has been cloned 54 times. Because of problems with updates, I regret having shared it on this forum. It seems there is a demand to be able to use iframes on some forums. Maybe there is a better way that this could be approached.

Note: this plugin is no longer required. iframes can now be whitelisted through the allowed_iframes Site Setting. It accepts a list of iframe src domain prefixes that discourse can safely allow in posts.

4 Likes

Why i installed plugin

https://github.com/scossar/whitelist-iframe

But can not see file plugin on var

It looks like it’s installed. Does it work? Try the iframe code from a YouTube video to test it. If you have cloned my repository, it does not include the facebook URL

3 Likes

I can add

WhiteListIframe(/^(https?:)?\/\/www\.facebook\.com\/plugins\/.+/i);

in whiteList-Iframe.js.es6 yes or not?

1 Like

This API is removed now, use the site settings

https://github.com/discourse/discourse/commit/e283e6aea002fb533640e68f8ee7447cf0a7c90d

I am open to allow allowing a proper plugin api, but it can not be done as a global the way the old one was.

As it stands plugins can already hoist out html if they want to so its not particularly interesting to also allow them to whitelist iframes.

2 Likes

I am currently using the whitelist iframe plugin. Does this mean is will cease to work once I upgrade my discourse and that I will instead find a site setting where I can specify a list source domains that are safe? Does that setting understand regex?

There is a site setting

Does not understand regex only prefix, old API was removed

Why do you need regex?

1 Like

By that you mean I can specify not only domains but also subdomains?

One of my entries currently looks like this:

whiteListIframe(/^(https?:)?\/\/books.google\.(gr|pt|ae|au|com|de|fr|se|ca|co.uk|es|dk|co.za|fi|cz|be|nl|at|cn|com.br|jp|it|is|in|ie|id|mx|tr)\/.+&output=embed.*/i);

But I guess it’s possible to achieve this “the long way” without regex, at least if we drop the embed part…

Yeah the long way for now, I am mixed about allowing people regexes in site settings cause it is so easy to muck it up. Not strictly against, just wanted to see some use cases.

I mean you have to be explicit: https://somesite.com/embed? will work. You can specify domains or subdomains.

3 Likes

This topic was automatically closed after 2519 days. New replies are no longer allowed.