Preventing IFRAME pasting into TinyMCE via Visual Editor side.

Vote:
 

Hi there,

We are trying to prevent users within our site from pasting in specific code that's copied from one website into our editors on our site via them pasting stuff into the WYSIWYG editor (not the code editor as we have that disabled). This works fine in regards to anything that is in a style tag or any javascript as it looks like TinyMCE already strips that out, but for IFrames it still brings that over.

I'm just wondering how i can go about and remove that ability from all editors? 

I have tried using the "invalid_elements" option within the settings of our TinyMCE initialization but it doesn't seem to work as it still allows me to paste in a YouTube video from one site into our site, so not sure if i am missing something or not. 

.AddSetting("invalid_elements", "iframe[align<bottom?left?middle?right?top|class|frameborder|height|id"
  + "|longdesc|marginheight|marginwidth|name|scrolling<auto?no?yes|src|style"
  + "|title|width]")

Thanks

DK

#249167
Feb 24, 2021 18:40
Vote:
 

Have you tried valid_children attribute something like below? The "-" removes iframe as a valid child element from the editor.

.AddSetting("valid_children", "-iframe[*]")

or

.AddSetting("valid_children", "-body[iframe]")
#249168
Edited, Feb 24, 2021 20:15
Vote:
 

Thanks Aniket for you assistance, I did try that but for some reason it still didn't work, not sure why :/

What ended up working though is that i used the same code as before but realizing that I was including attributes which, as the TinyMCE documentation stated, were not permitted for the "invalid_elements" issue.

Redoing the code this way resolved the issue:

.AddSetting("invalid_elements", "iframe")

Cheers

DK

#249193
Feb 24, 2021 23:18
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.