Doesn’t support video embeds?
Closed this issue · 5 comments
Hi there—if this is not a real issue then please remove. But when I go to copy + paste an iframe / embed script (YouTube or Vimeo), it works fine in the preview, but as soon as the post is updated it all gets stripped out of the content. How can I prevent this from happening?
Inserting embed code
Still there when I switch back to rich text mode
On “Update,” it’s all gone
That's due to Storytime.post_sanitizer which is called when a post is saved. post_sanitizer is just a hook to handle post content sanitization (i.e. which tags and HTML attributes to allow and/or disallow in a post). By default, the following Proc block is called and used to sanitize the content:
# lib/storytime.rb
@@post_sanitizer = Proc.new do |draft_content|
white_list_sanitizer = if Rails::VERSION::MINOR <= 1
HTML::WhiteListSanitizer.new
else
Rails::Html::WhiteListSanitizer.new
end
attributes = %w(
id class href style src title width height alt value
target rel align disabled name
)
white_list_sanitizer.sanitize(draft_content, attributes: attributes)
endYou can override this in your Storytime config file (config/initializers/storytime.rb) and handle post sanitization anyway you'd like (or not at all if you desire).
If you're just trying to add the iframe tag, and the frameborder and allowfullscreen attributes you should be able to use the following:
# config/initializers/storytime.rb
# Hook for handling post content sanitization.
# Accepts either a Lambda or Proc which can be used to
# handle how post content is sanitized (i.e. which tags,
# HTML attributes to allow/disallow.
config.post_sanitizer = Proc.new do |draft_content|
white_list_sanitizer = if Rails::VERSION::MINOR <= 1
HTML::WhiteListSanitizer.new
else
Rails::Html::WhiteListSanitizer.new
end
if Rails::VERSION::MINOR <= 1
tags = white_list_sanitizer.allowed_tags
else
tags = Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2
end
tags.add("iframe")
attributes = %w(
id class href style src title width height alt value
target rel align disabled name frameborder allowfullscreen
)
white_list_sanitizer.sanitize(draft_content, tags: tags, attributes: attributes)
endIf you'd just like to allow any content (no sanitization) you can just use the following:
# config/initializers/storytime.rb
# Hook for handling post content sanitization.
# Accepts either a Lambda or Proc which can be used to
# handle how post content is sanitized (i.e. which tags,
# HTML attributes to allow/disallow.
config.post_sanitizer = Proc.new do |draft_content|
# No need to sanitize content, just passing it through...
draft_content
endLet me know if this helps.
I'm sure others will run into this at some point, so I'll add a wiki entry expounding on post sanitation.
Thanks!
Perfect. Much appreciated! Figured something like that was occurring.
A slightly better version than what I originally posted that uses the defaults of the Rails sanitizers in use, and adds the "iframe" tag and "frameborder" and "allowfullscreen" attributes.
# Host app: config/initializers/storytime.rb
config.post_sanitizer = Proc.new do |draft_content|
if Rails::VERSION::MINOR <= 1
white_list_sanitizer = HTML::WhiteListSanitizer.new
tags = white_list_sanitizer.allowed_tags
attributes = white_list_sanitizer.allowed_attributes
else
white_list_sanitizer = Rails::Html::WhiteListSanitizer.new
tags = Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2
attribtues = Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES
end
# Add any additional tags or attributes to tags/attributes Sets here.
tags.add("iframe")
attributes.merge(["frameborder", "allowfullscreen"])
white_list_sanitizer.sanitize(draft_content, tags: tags, attributes: attributes)
end