Hi,

When I try to embed code the embed code will only show after I have saved the page if I refresh it. Does any one knows how to fix this behavior?

Steps:
1. Create a new node (story, page, blog)
2. Insert embed code from YouTube, Vimeo, etc using the embed code plugin in CKEditor.
3. Save node
4. When the new node shows there is a black space, but the video does not load or give you an error.
5. If you refresh the page the video start working like a charm.

Thank you,

Emil

Comments

emilorol’s picture

One more note.

The issue also happen if you edit a node.

Also the embed code is being properly inserted on the page, but for some reason beyond me the iframe content does not load.

Note: I am not using HTML Purifier.

emilorol’s picture

It also happen with the new and old embed code from youtube

New embed code

<iframe width="420" height="315" src="http://www.youtube.com/embed/xVzIGMqRznk" frameborder="0" allowfullscreen></iframe>

Old embed code

<object width="420" height="315"><param name="movie" value="http://www.youtube.com/v/xVzIGMqRznk?version=3&amp;hl=en_US"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/xVzIGMqRznk?version=3&amp;hl=en_US" type="application/x-shockwave-flash" width="420" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>

RobbM’s picture

Same issue here.

But I don't think this is actually a CKeditor issue, as I get the same results if I switch to the plain text editor and insert the embed code manually.

mkesicki’s picture

I think this could be related with input format used for node and drupal's filter configuration.
What input format and filters do you use ? Check this with full html input format.

cheval’s picture

Issue summary: View changes

I'm also having the same issue in D7, the console gives the following error after saving the node:

The XSS Auditor refused to execute a script in 'http://nodelink' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.

The issue seems to be a security measure to prevent XSS (Cross site scripting) attacks, a workaround would be to disable XSS-Protection, but that is NOT recommended:

header("X-XSS-Protection: 0");