[wp-hackers] iframe question
Scot Hacker
shacker at birdhouse.org
Thu Jan 29 02:11:47 GMT 2009
I've got a lot of users on a lot of blogs going through "Why is my
google map not working?" problem when using the visual editor. These
are users for whom disabling the visual editor permanently is not a
realistic option.
I understand that iframes are considered insecure. And yet if you turn
off the visual editor, you can insert iframes into posts without
trouble, because iframes are disabled at the tinymce layer, not at the
wordpress layer. If you edit tiny_mce_config.php, you can enable
iframe support in tinymce too, apparently without causing formatting
problems.
So apparently WP itself doesn't take the insecurity of iframes
seriously, since it allows an easy workaround. And it seems like
tinymce doesn't have an inherent formatting problem with iframes,
since you can work around that too.
So why are iframes disabled by default in tinymce? For now I'm editing
a lot of tiny_mce_config.php files, but don't like hacking core all
over the place. Can't this option just be made into a setting on the
Writing or Misc settings pages?
Thanks,
Scot
More information about the wp-hackers
mailing list