Hi @zearth,
Can you provide more context, please? If you are talking about the embed block, it only takes a valid URL as an argument. Are you talking about the script inside the iframe generated by the embed block? If it is that, you will have to add a filter on the embed block to add a sandbox attribute to the iframe.
Thread Starter
zearth
(@zearth)
I want our editors to be able to embed <iframe> code only in the post editor. We don’t want them to post JavaScript code like <script>codes</script>. This way, the content being pushed to the frontend will only allow them to use iframes and no JavaScript embed codes in the editor content.
Thread Starter
zearth
(@zearth)
I found an alternative solution; here is my temp solution to prevent JavaScript code insertion by non-administrators.
function filterjs( $data, $postarr, $unsanitized_postarr ) {
    global $current_user;
    // Administrators keep their content untouched; all other roles are filtered.
    if ( ! in_array( 'administrator', (array) $current_user->roles, true ) ) {
        $postcontent = $data['post_content'];
        // Escape opening and closing script tags so they are stored as text
        // (case-insensitive, so <SCRIPT> is caught as well).
        $postcontent = str_ireplace( '<script', '&lt;script', $postcontent );
        $postcontent = str_ireplace( '</script>', '&lt;/script&gt;', $postcontent );
        $data['post_content'] = $postcontent;
    }
    return $data;
}
add_filter( 'wp_insert_post_data', 'filterjs', 10, 3 );
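
An allowlist variant of the filter above, added here as an example and not code from anyone in this thread: it keeps the same hook and administrator exemption but passes the content through `wp_kses()` with `<iframe>` added to the tags core permits in posts, which also removes inline event handlers such as `onerror` that a `<script>` string replacement leaves in place. The function name `example_allow_iframe_only` and the iframe attribute list are assumptions chosen for illustration.

```php
<?php
/**
 * Added example (hypothetical function name): allowlist sanitising of
 * post content for every role except administrator.
 */
function example_allow_iframe_only( $data, $postarr, $unsanitized_postarr ) {
    // Administrators keep unfiltered content, as in the snippet above.
    $user = wp_get_current_user();
    if ( in_array( 'administrator', (array) $user->roles, true ) ) {
        return $data;
    }

    // Start from the tags core allows in post content, then add <iframe>
    // with a fixed attribute list (assumed; adjust to what editors need).
    // <script>, on* handlers and srcdoc are not listed, so wp_kses()
    // drops them. URL attributes such as src are also checked against
    // the default protocol list, which does not include javascript:.
    $allowed           = wp_kses_allowed_html( 'post' );
    $allowed['iframe'] = array(
        'src'             => true,
        'width'           => true,
        'height'          => true,
        'title'           => true,
        'loading'         => true,
        'sandbox'         => true,
        'allowfullscreen' => true,
        'frameborder'     => true,
    );

    // Content arrives slashed in this filter: unslash, sanitise, re-slash.
    $content              = wp_unslash( $data['post_content'] );
    $data['post_content'] = wp_slash( wp_kses( $content, $allowed ) );

    return $data;
}
add_filter( 'wp_insert_post_data', 'example_allow_iframe_only', 10, 3 );
```

`wp_kses()` removes the disallowed tags themselves but leaves any text that sat between them, so a stripped `<script>` block ends up as plain text in the post rather than disappearing.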
