[#43407] - TinyMce Editor iframe and general
- New
- Medium
- Build: 4.4-dev
- # 43407
Steps to reproduce the issue
Put this into text editor code
<iframe src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d24578.379315757487!2d22.4165888!3d39.64302065!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sel!2sgr!4v1714479981262!5m2!1sel!2sgr" width="600" height="450" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade"></iframe>Expected result
Show map iframe
Actual result
Puts sandbox="" and prevents to load the iframe and becomes
<iframe src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d24578.379315757487!2d22.4165888!3d39.64302065!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sel!2sgr!4v1714479981262!5m2!1sel!2sgr" width="600" height="450" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade" sandbox=""></iframe>Also in sandbox we cannot add values or edit it so allow something to work. Always remains empty so restricts everything.
I cannot figure out how to change it and allow iframes work somehow.
System information (as much as possible)
Joomla 5.0.1
Php 8.2
Additional comments
i setted it as use joomla filters and joomla filters setted to none. Shouldn't this be initialized somehow so no changes happened to any value?
Tiny mce at final keeps editing text and doennt allow even a custom structure or something like that:
<a>
<img/>
<div>
<div></div>
<div></div>
</div>
</a>
Votes
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
Followed your video and It does the same behaviour... Puts the sandbox inside!
yes it is supposed to put the sandbox there. As I said this is a security change from tinymce https://www.tiny.cloud/docs/tinymce/latest/7.0-release-notes/#security-fixes
So we cannot put an iframe like google maps from now on? I now its a security fix but
What this documentation/update changes says is this:
..
From TinyMCE 7.0.0 onwards the default value of this option is true.
...
In TinyMCE 7.0.0 a new sandbox_iframes_exclusions option was also added, allowing a list of domains to be specified that should be excluded from having the sandbox="" attribute applied when the sandbox_iframes option is enabled. By default, this option is set to an array of domains that are provided in embed code by popular websites. To sandbox iframe elements from every domain, set this option to [].
also this exists..
Without those every map on site with iframe will not be displayed because it will become sandboxed. Something that so many years was working. Maybe in the plugin we should have an option to enable or disable this option and put convert_unsafe_embeds and sandbox_iframes_exclusions value if needed.
tinymce.init({
selector: 'textarea', // change this value according to your html
sandbox_iframes: false
});
This is intended behaviour and implements the security hardening in tniymce
This doesn't work for me either. Joomla 5.1.0
I understand this is done for security but I can't find any solution to allow me to embed youtube videos with iframe which makes this a complete annoying bug
Workaround:
Install TinyMCE Configuration Modifier plugin https://github.com/nikosdion/plg_system_tinymod
Then add:
{
"sandbox_iframes": false
}
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43407.
This is intended behaviour and implements the security hardening in tniymce
https://youtu.be/OGZ06TCdJHc?si=Z0sSHlVaV-OP0wRi&t=64