Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Rewriting a field containing an iframe youtube video embedded within the content. Upon being rewritten the iframe code is stripped out, but the content remains. All other tags like ULs, H2s, etc remain intact.
Comments
Comment #2
LendudeYeah most of this stuff gets run through Xss::filterAdmin() so the only allowed tags are :
$adminTags = array('a', 'abbr', 'acronym', 'address', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'command', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em', 'figcaption', 'figure', 'footer', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'hgroup', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'mark', 'menu', 'meter', 'nav', 'ol', 'output', 'p', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'small', 'span', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'tt', 'u', 'ul', 'var', 'wbr');
Since iframes are a big no-no I don't think a generic method of allowing them is likely. A custom field handler for your use case or using something like a twig template for your field and doing whatever manipulation you want to do in that sounds like the way to go. Does that help?
Moving to the right queue.
Comment #10
pameeela CreditAttribution: pameeela commentedThanks for reporting this issue. We rely on issue reports like this one to resolve bugs and improve Drupal core.
As part of the Bug Smash Initiative, we are triaging issues that are marked "Postponed (maintainer needs more info)". This issue was marked "Postponed (maintainer needs more info)" in 2016.
Since then, in #2654962: Views content rewrite text says "You may include HTML" but actually allows only a subset help text was added to indicate the allowed tags. Feature requests can be created for the addition of specific tags, but based on consultation with @Lendude and @larowlan, it is unlikely iframe tags would ever be added to this list for security reasons.