Zeka Posted March 8, 2020 Share Posted March 8, 2020 Hi. I'm using Matrix field as a content builder. One of its type is "Embed code" that contain Textarea field where editors can insert embed code. I know that such an approach opens possibilities for vulnerabilities for and it's better to stick to Textformatter approach but for now editors don't want to change it. Sometime editors inset code like <Iframe src = "https://www.facebook.com/plugins/post.php?href ......" width = "500" height = "441" style = "border: none; overflow: hidden" scrolling = "no" frameborder = "0" allowTransparency = "true" allow = "encrypted-media"> </ iframe> As you can see there are some errors in it that cause that only part of the page is rendered because of HTML parsing errors. So my question is how would you handle such an approach? I was thinking to try to use purifier, but there will be a lot of work to configure it rightly, maybe there is an easier way that I don't think about how to validate HTML? Link to comment Share on other sites More sharing options...
dragan Posted March 8, 2020 Share Posted March 8, 2020 If all embeds are iframes, I would only use a text field for the URL. There's also this textformatter module or a CKE plugin I would check out. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now