WhiteList Iframe from facebook not show

(Bank Live) #1

Normal. I use plugin GitHub - evil-shrike/discourse-whitelist-iframe: Discourse plugin to add urls to Discourse.Markdown._validIframes
I insert
<iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fseen.everything%2Fvideos%2F1221002978004237%2F&show_text=0&width=400" width="400" height="400" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowTransparency="true" allowFullScreen="true"></iframe>

VDO can work. After last update Version v1.9.0.beta4
plugin GitHub - evil-shrike/discourse-whitelist-iframe: Discourse plugin to add urls to Discourse.Markdown._validIframes error “https://eleceasy.com/assets/plugin-third-party…”

I try plugin other


not work.
How can i fix it. Thank you very much

(Jeff Atwood) #2

That plugin is likely broken; contact the author.

(Simon Cossar) #3

Thanks! I wrote the original version of that plugin. It looks like the problem with the latest version of Discourse is that that Discourse.dialect_depreciated is no longer defined. I’ve pushed a fix to my repo that should take care of the problem: GitHub - scossar/whitelist-iframe: Discourse plugin to add urls to Discourse.Markdown._validIframes

To use it with the facebook URL, you’ll need to clone the repo and add the facebook URL to the list of whitelisted iframes. You can copy how to do that from one of the repos you listed above.

This plugin has been cloned 54 times. Because of problems with updates, I regret having shared it on this forum. It seems there is a demand to be able to use iframes on some forums. Maybe there is a better way that this could be approached.

(Bank Live) #4

Why i installed plugin


But can not see file plugin on var

(Simon Cossar) #5

It looks like it’s installed. Does it work? Try the iframe code from a YouTube video to test it. If you have cloned my repository, it does not include the facebook URL

(Bank Live) #6

I can add


in whiteList-Iframe.js.es6 yes or not?

(Sam Saffron) #7

This API is removed now, use the site settings

I am open to allow allowing a proper plugin api, but it can not be done as a global the way the old one was.

As it stands plugins can already hoist out html if they want to so its not particularly interesting to also allow them to whitelist iframes.

(Christoph) #8

I am currently using the whitelist iframe plugin. Does this mean is will cease to work once I upgrade my discourse and that I will instead find a site setting where I can specify a list source domains that are safe? Does that setting understand regex?

(Sam Saffron) #9

There is a site setting

Does not understand regex only prefix, old API was removed

Why do you need regex?

(Christoph) #10

By that you mean I can specify not only domains but also subdomains?

One of my entries currently looks like this:


But I guess it’s possible to achieve this “the long way” without regex, at least if we drop the embed part…

(Sam Saffron) #11

Yeah the long way for now, I am mixed about allowing people regexes in site settings cause it is so easy to muck it up. Not strictly against, just wanted to see some use cases.

I mean you have to be explicit: https://somesite.com/embed? will work. You can specify domains or subdomains.