Skip to content

Instantly share code, notes, and snippets.

@bueltge
Created January 11, 2013 15:52
Show Gist options
  • Save bueltge/4511711 to your computer and use it in GitHub Desktop.
Save bueltge/4511711 to your computer and use it in GitHub Desktop.
Wordpress plugin for allow iframe in the visual Editor
<?php
/**
* Plugin Name: iFrame for TinyMCE
* Description: Allow iframe in the visual Editor
* Version: 0.0.1
* Author: Frank Bültge
* Author URI: http://bueltge.de/
*/
! defined( 'ABSPATH' ) and exit;
add_filter( 'tiny_mce_before_init', 'fb_change_mce_options' );
function fb_change_mce_options( $args ) {
// Comma separated string od extendes tags
// Command separated string of extended elements
$ext = 'iframe[align|longdesc|name|width|height|frameborder|scrolling|marginheight|marginwidth|src]';
if ( isset( $args['extended_valid_elements'] ) ) {
$args['extended_valid_elements'] .= ',' . $ext;
} else {
$args['extended_valid_elements'] = $ext;
}
// maybe; set tiny paramter verify_html
//$args['verify_html'] = false;
return $args;
}
@lbonatti
Copy link

This not work... i'm searching one solutions and i find this:

// allow script & iframe tag within posts
function allow_post_tags( $allowedposttags ){
    $allowedposttags['script'] = array(
        'type' => true,
        'src' => true,
        'height' => true,
        'width' => true,
    );
    $allowedposttags['iframe'] = array(
        'src' => true,
        'width' => true,
        'height' => true,
        'class' => true,
        'frameborder' => true,
        'webkitAllowFullScreen' => true,
        'mozallowfullscreen' => true,
        'allowFullScreen' => true
    );
    return $allowedposttags;
}
add_filter('wp_kses_allowed_html','allow_post_tags', 1);

This work in Wordpress >= 3.9.x.

@danicomas
Copy link

danicomas commented May 16, 2017

Then, to remove the iframes you don't want:

function sanitize_iframes($content) {	
        $patternIframes = '/<iframe.*src=\\\\"(.*)\\\\".*><\\/iframe>/isU';
	$patternSrc = '/^(http:|https:)?\/{2}(www.)?(domain1.com|domain2.com|domain3.com)/'; //whitelist
        $iframesCount = preg_match_all($patternIframes, $content["post_content"], $iframesMatches);
	if($iframesCount > 0){
		$i = 0;
		foreach ($iframesMatches[1] as $iframeMatch){
			$srcCount = preg_match($patternSrc, $iframeMatch, $obj);
			if($srcCount == 0){
				$removeBackslashes = str_replace("\\\\", '\\', $iframesMatches[0][$i]);
				$content["post_content"] = str_replace($removeBackslashes, "", $content["post_content"]);
			}
			++$i;
		}
	}
	
        return $content;    
}
add_filter('wp_insert_post_data', 'sanitize_iframes');

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment