Filtering iframe tag in Full Html

[Dulcinea Donati]

Using the standard editor, with _no_ html filtering, trying to past a Google Map Iframe in the source, after untoggling the source button the iframe has disappeared. More detailed information ​here.

Easily reproducible in the demo page. This doesn't happens in the Advanced editor.

How to reproduce:

1) Install CKeditor 4.3.3, Standard Package

2) Select an Iframe to embed (e.g., a Google Map)

3) Toggle the source button

4) Paste the iframe code

5) Untoggle the source button

Error: The iframe has disappeared

[Piotrek Koszuliński]

I tried to paste this into the source:

<p><iframe frameborder="0" height="350" marginheight="0" marginwidth="0" scrolling="no" src="https://maps.google.com/?ie=UTF8&amp;ll=37.0625,-95.677068&amp;spn=57.292148,115.048828&amp;t=h&amp;z=4&amp;output=embed" width="425"></iframe><br />
<small><a href="https://maps.google.com/?ie=UTF8&amp;ll=37.0625,-95.677068&amp;spn=57.292148,115.048828&amp;t=h&amp;z=4&amp;source=embed" style="color:#0000FF;text-align:left">View Larger Map</a></small></p>

It is a code I got from ​http://maps.google.com.

After switching between modes it's correctly preserved. Could you check what it has to be precisely to cause the issue?

[Piotrek Koszuliński]

PS. Sorry for the Defensio/Akismet filters - either they are filtering out too much or too few.

[Jakub Ś]

You have written that you are using CKEditor standard package (have you got iframe button on toolbar?). The problem is that standard package doesn't have iframe plugin included furthermore in CKEditor 4.1 we have introduced Advanced Content Filter (ACF) which filters tags that are not reported to it.

Please read about CKEditor ACF here:
​http://ckeditor.com/blog/Upgrading-to-CKEditor-4.1
​http://ckeditor.com/blog/CKEditor-4.1-RC-Released
​http://docs.ckeditor.com/#!/guide/dev_advanced_content_filter
​http://docs.ckeditor.com/#!/api/CKEDITOR.filter-method-addTransformations
​http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent
​http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-extraAllowedContent

Next go to CKEditor module settings in Drupal and configure ACF according to your needs.

I'm closing this issue as invalid.

[Jakub Ś]

@donnadulcinea if ACF is not the case you are of course welcome to leave comment with further explanations. I will then reopen this ticket but currently it really looks like ACF configuration issue.

If possible please leave a comment here and on Drupal if this was your problem. Thank you.

[Dulcinea Donati]

I am reading the documentation and ok, it works as expected. Thanks Reinmar and J.Swiderski.

On the other hand, I must say that (for me) it has been a little arduous to get, since there is no direct evidence why html objects like iframe should be stripped out. Which as I said it's easy to replicate in the demo, standard package tab (ref #comment2). Even more because before it worked.

Now, because of this, in Drupal for instance, some html objects are lost even with "Full Html" status, which I would say, shouldn't happen. And I can't find a way to fix this easily without coding, or configuring scripts (which I try to avoid because after upgrades to modules or scripts like ckeditor, edits can be lost). There is no ACF setting in fact as far as I searched:

• /admin/config/content/ckeditor/edit/Advanced
• /admin/config/content/formats/full_html
• /admin/config/content/ckeditor/editg

At this moment, I fixed this installing the full version (and replacing the skin with kama for the well known icons disappearing issue).

Hope this can help somebody not so eyes sharpened like me! Thank you again for your help!!

[Jakub Ś]

in Drupal for instance, some html objects are lost even with "Full Html" status, which I would say, shouldn't happen.

If you are using some add-on software it is worth to read its documentation. I'm CKEditor user and when I first used it with Drupal my tags were also gone. I was wondering for a while what is going on (my ACF was disabled) and then it turned out Drupal has extra HTML filters. At first I thought to myself - this is wrong especially from CKEditor point of view but then I thought hey man that is what you get when you don't read manuals.

nd I can't find a way to fix this easily without coding, or configuring scripts

What? That is completely not true. If you are using latest Drupal 7.26 then please go to Modules->CKEditor->Configure and edit your profiles. Each of them has ADVANCED CONTENT FILTER setting which can be disabled/enabled or extended.

[Piotrek Koszuliński]

Fortunately in Drupal8 filters will be synchronised between CKEditor and Drupal :).

[Dulcinea Donati]

Ok I am sorry to take advantage of your patience, but now I am really curious.

I am running on Drupal 7.26, with last version of ckeditor 4.3.3.

As you can see from the screenshot, following your steps, there is no trace of ACF in the config (see: ​http://donnadulcinea.files.wordpress.com/2014/03/ckeditor1.png (too big to post)). Please, tell me what I am doing wrong.

As I said in #comment7 I carefully set up configuration in pages:

• /admin/config/content/ckeditor/edit/Advanced
• /admin/config/content/formats/full_html
• /admin/config/content/ckeditor/editg

Furthermore you say: "this is wrong especially from CKEditor point of view", but it's not only a Drupal issue since as I tried to paste an iframe in the online ckeditor demo page (see #comment7 and #comment2), this behaviour is expected as far as you don't change ACF settings.

You correctly point out that manuals must be read. And of course I did before bothering people who knows more. But I also would like again, like you did, to express my concern when something is not intuitive.

I think I've focused the problem. The Full featured version of ckeditor allows to paste iframe, and the standard package doesn't (again, please try in the demo page). To paste Iframe is not a "feature" imho, thus should be absent or (i prefer) present in both packages when editing the source code.

Thank you for answering me.

p.s. another interesting link pointing out the problem: ​https://drupal.org/node/1936392 (fortunately, as Reinmar said :)

[Dulcinea Donati]

Update: In case you were talking about the security filters settings for each of the text formats i.e. the page /admin/config/content/formats/full_html, I've already been there also.

As already said, the setting Limit allowed HTML tags on section Enabled filters I had unchecked from the beginning.

[Jakub Ś]

I tried to paste an iframe in the online ckeditor demo page (see #comment7 and #comment2), this behaviour is expected as far as you don't change ACF settings.

I'm guessing there is no 'meet everyone expectations' rule here. Either users are familiar with CKEditor and follow our updates, blog, they read manuals or they learn the hard way.
The only solution will be Drupal 8 where filters will be synchronized.
I understand this isn't intuitive because such advanced filter may not be expected in JS applications but that doesn't make it obsolete. Once you get to know it, learn how to use it, it is very powerful tool.

I am running on Drupal 7.26, with last version of ckeditor 4.3.3.

My bad :). That is not what I have meant. I was talking about latest CKEditor for Drupal module. It isn't enough to update client-side you need to update server-side as well.

[Dulcinea Donati]

Just to be clear, I meant is expected according to the CKEditor manual. I am aware of the power of ACF, this is out of discussion, I just don't agree with the different behaviour on pasting iframes from Standard Package to Full Package. Why should it change, being the difference about packages just a matter of features.

But still can't find any ACF setting you've cited. I also run last version of non-dev module, 7.x-1.13, maybe passing to dev should fix.

Anyway I don't want to take more of your time. Problem is clear now. And you have been very kind. Thank you again for providing such incredible html editor!! :)

[Jakub Ś]

@donnadulcinea it has turned out you are partially right. The problem is that we haven't updated latest DRUPAL OS module thus you can't see this setting. My colleagues have told me they will do it in near future.

For now please use development release which has this feature and is fully stable.