"Unfiltered Text" header/footer stripping iframes

I've changed the help of this element. It's either this, or adding iframe as an allowed value to $adminTags which probably has a lot more consequences.

Applied patch from #2 and was successful

+++ b/core/modules/views/views.views.inc
@@ -66,7 +66,7 @@ function views_views_data() {
+    'help' => t('Add custom text or markup, save for scripts and styles. This is similar to the custom text field.'),

I think either "except for" or "not including" would be more widely understandable as more common phrasing than "save for".

Thank you for reviewing this issue!

The automated testing infrastructure tells us whether the patch applies, so we do not need people to review that. It is also not sufficient criteria for the issue to be marked "Reviewed and Tested by the Community".

What we do need people to review is whether the issue has a correct scope, whether it passes the core gates, whether the solution completely fixes the problem without introducing other problems, and whether it's the best solution we can come up with. See the patch review guide for more information.

When you do post a review, be sure to describe what you reviewed and how. This helps other reviewers understand why you considered the issue RTBC (and is considered for issue credit).

Based on #4, setting back to needs work.

@cilefen & @lauriii, thanks for the updates.

"not including" fits correctly here, so updating the same.
Added the updated patch for the same.

Please review and let me know

The same issue happens on the text area for rewrite field, iframes get stripped.

Setting to RTBC for #7, this correctly resolves the remark by @cilefen

This is also an issue in Drupal 7 - and I created an issue for that.

If you need the ability to put an iframe in a view header, here is a custom area plugin we used to do that.

<?php

namespace Drupal\ext_view_area_iframe\Plugin\views\area;

use Drupal\Core\Form\FormStateInterface;
use Drupal\views\Plugin\views\area\TokenizeAreaPluginBase;

/**
 * Views area text handler.
 *
 * @ingroup views_area_handlers
 *
 * @ViewsArea("ext_view_iframe")
 */
class ExtViewIframeArea extends TokenizeAreaPluginBase {

  /**
   * {@inheritdoc}
   */
  protected function defineOptions() {
    $options = parent::defineOptions();
    $options['url'] = ['default' => ''];
    $options['height'] = ['default' => 600];
    $options['width'] = ['default' => 800];
    return $options;
  }

  /**
   * {@inheritdoc}
   */
  public function buildOptionsForm(&$form, FormStateInterface $form_state) {
    parent::buildOptionsForm($form, $form_state);

    $form['url'] = [
      '#title' => $this->t('URL'),
      '#type' => 'textfield',
      '#default_value' => $this->options['url'],
      '#size' => 60,
      '#maxlength' => 500,
      '#required' => TRUE,
    ];
    $form['height'] = [
      '#title' => $this->t('Height'),
      '#type' => 'number',
      '#default_value' => $this->options['height'],
    ];
    $form['width'] = [
      '#title' => $this->t('Width'),
      '#type' => 'number',
      '#default_value' => $this->options['width'],
    ];
  }

  /**
   * {@inheritdoc}
   */
  public function render($empty = FALSE) {
    if (!$empty || !empty($this->options['empty'])) {
      return [
        '#type' => 'inline_template',
        '#template' => '<iframe width="{{ width }}" height="{{ height }}" src="{{ url }}" frameborder="0" style="border:0" allowfullscreen></iframe>',
        '#context' => [
          'height' => $this->options['height'],
          'width' => $this->options['width'],
          'url' => $this->tokenizeValue($this->options['url']),
        ],
      ];
    }

    return [];
  }

}

This help text should probably be modelled after the fix in #2654962: Views content rewrite text says "You may include HTML" but actually allows only a subset, the same filtering applies here (without the Twig mention).

It would be good if there was documentation around what attributes are stripped by what function, and whether this is configurable.
There is a more limited and achievable issue here just around style attributes
https://www.drupal.org/project/drupal/issues/3109650