4

I am looking for a good solution to make it possible for endusers to insert iframes (Soundcloud) in a template placeholder. I thought about using the djangocms-txt-ckeditor plugin. In it documentation it says to use the configurable sanitizer to accomplish this:

djangocms-text-ckeditor uses html5lib to sanitize HTML to avoid security issues >and to check for correct HTML code. Sanitisation may strip tags usesful for some >use cases such as iframe; you may customize the tags and attributes allowed by >overriding the TEXT_ADDITIONAL_TAGS and TEXT_ADDITIONAL_ATTRIBUTES settings:

TEXT_ADDITIONAL_TAGS = ('iframe',)
TEXT_ADDITIONAL_ATTRIBUTES = ('scrolling', 'allowfullscreen', 'frameborder')

I did edit the settings.py in my project like that and restarted my webserver (nginx). But the sanitizer is still wrapping it to avoid html-insertion.

I would like to avoid writing a SoundCloud plugin only for this purpose.

Any suggestions are welcome.

Community
  • 1
  • 1
svenwildermann
  • 631
  • 6
  • 20
  • 1
    I made a django-cms plugin to that you could use. https://github.com/mishbahr/djangocms-embed – mishbah Jan 21 '16 at 14:51
  • @mishbah thanks for this advice. I will check it out. Even though I did hope to achieve this without any additional plugin. – svenwildermann Jan 21 '16 at 14:56
  • 1
    What version of djangocms_text_ckeditor have you installed? Using version 2.8 I can create iframes just fine adding the settings you cited above to the project settings – yakky Jan 24 '16 at 14:11
  • I am using version 2.7.1 currently. I am considering an update now. – svenwildermann Jan 30 '16 at 19:24

1 Answers1

7

As suggested by @yakky in the comments I did update the Django environment to use "djangocms_text_ckeditor" in version 2.8.1.

While using this settings in my settings.py, it works great:

TEXT_ADDITIONAL_TAGS = ('iframe',)
TEXT_ADDITIONAL_ATTRIBUTES = ('scrolling', 'allowfullscreen', 'frameborder', 'src', 'height', 'width')

The (soundcloud) iframe shows up and no further problems did occur.

Be aware: Updating your environment can cause failures. Always try first within a development environment.

svenwildermann
  • 631
  • 6
  • 20