Vulnerability in EPiServer.Forms
I have a VideoFile.cs model as well as it's View (Views/VideoFile/Index.cshtml), with a disabled download control on a player.
However when I upload video through TinyMCE -> Insert/edit media, it then uses some other than my player and has download control enabled.
How can I make it use my player which is in Views/VideoFile/Index.cshtml?
Also when TinyMCE -> Insert/edit media -> Advanced used, nothing is being inserted, why so?
Thank you, cheers!
Can you please share your VideoFile.cs and view file code here?
[ContentType(GUID = "85468104-E06F-47E5-A317-FC9B83D3CBA6")]
[MediaDescriptor(ExtensionString = "flv,mp4,webm")]
public class VideoFile : VideoData
string videoUrl = Url.ContentUrl(Model.ContentLink);
string videoExtension = Path.GetExtension(videoUrl ).Replace(".", "");
<video controls controlsList="nodownload">
<source src="@videoUrl " type="video/@videoExtension">
Your browser does not support the video tag.
But I now guess I should cover this question more on TinyMCE side than VideoFile model, something as here https://www.tiny.cloud/docs/plugins/media/#audio_template_callback
What you could do is add a UI descriptor for your video file:
public class VideoFileDescriptor : UIDescriptor<VideoFile>, IEditorDropBehavior
public EditorDropBehavior EditorDropBehaviour
EditorDropBehaviour = EditorDropBehavior.CreateContentBlock;
This means that when an editor drag-and-drops in from the assets pane it won't create a link (the default) but will instead insert it as content—which will use your view.
I think that'd be the easiest way to solve this and get the behaviour you want here.