Welcome! » Log In » Create A New Profile

iframe src removed in error

Posted by valME 
iframe src removed in error
September 25, 2017 02:47PM

Might be a potential bug...

Here's a perfectly good iframe (as far as I can tell - the URL will load without purification and it's from https://www.nbc.com/saturday-night-live/video/china-cold-open/n12611):

<iframe src="https://player.theplatform.com/p/HNK2IC/y9LXf40HJyoN/select/media/guid/2410887629/2a36a4ddd4958526b23d764dbd7f4468?autoPlay=false&ec=f&params=policy%3D107161636%26fallbackSiteSectionId%3D1676939%26siteSectionId%3Dnbc_video_vod%26manifest%3Dm3u%26switch%3DHLSOriginSecure%26siteSectionId%3Dnbc_video_vod_embed&fwsitesection=nbc_video_vod_embed&isEmbedded=true" width="480" height="270"></iframe>

Yet HTML Purifier strips the src with the message:

Error Line 1, Column 0: src attribute on <iframe> removed

For the life of me, I can't figure out why. Any idea what it's choking on? Thanks.

Re: iframe src removed in error
October 01, 2017 07:25PM

Apologies - the bug was on my end.

Your Email:


HTML input is enabled. Make sure you escape all HTML and angled brackets with &lt; and &gt;.

Auto-paragraphing is enabled. Double newlines will be converted to paragraphs; for single newlines, use the pre tag.

Allowed tags: a, abbr, acronym, b, blockquote, caption, cite, code, dd, del, dfn, div, dl, dt, em, i, ins, kbd, li, ol, p, pre, s, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var.

For inputting literal code such as HTML and PHP for display, use CDATA tags to auto-escape your angled brackets, and pre to preserve newlines:

Place code here

Power users, you can hide this notice with:

.htmlpurifier-help {display:none;}