IFRAMES on issue description

Recently a journal asked me to insert youtube videos in the issue description.
I thought “no problem”: modify config.inc.php to allow iframes tags (and attributes) and work done, but…

Youtube code is an IFRAME and htmlpurifier libray is configured to filter iframes, never mind how you set your allowed_html

The only post I found talking about this is from @vlilloh, two years ago:

I’m not a great fan of forking OJS code, so before following the same way vicente did… I love to hear if any of you found an alternative solution.

BTW @vlilloh, before “greping”, what file did you modify to allow safe iframes?

Any way, if there is no other solution… may be this topic must be moved to “Feature request”. :wink:

Thanks in advance for your help,

Hi @marc,

@vlilloh’s modification is still the best way, but beware that it’s dangerous to allow iframes in user-submitted HTML content because of the potential for phishing and the like. You’d make the change in lib/pkp/classes/core/String.inc.php in the stripUnsafeHtml function.

Alec Smecher
Public Knowledge Project Team

1 Like