Problem/Motivation

Steps to reproduce

If allowed, on the CKeditor or any other text paragraph component, or any other text field, add an iframe including or script code, that we just paste the raw value to show an embed (not recommended, but in some cases, for trusted providers, this can be ok - if controlled and checked on the backend, etc.) This will make the node_read_time module stop counting words, hence the estimated read time is not accurate.

Proposed resolution

Make sure script and iframe tags and nested elements are stripped.

Remaining tasks

Review and test.

CommentFileSizeAuthor
#14 ignore-iframe-and-script-3357171-14.patch722 bytesakshay kashyap
#10 ignore-iframe-and-script-3357171-10.patch699 bytesandreastkdf
#9 ignore-iframe-and-script-3357171-9.patch727 bytesandreastkdf
#8 ignore-iframe-and-script-3357171-8.patch735 bytesandreastkdf
#7 ignore-iframe-and-script-3357171-6.patch751 bytesandreastkdf

Issue fork node_read_time-3357171

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

andreastkdf created an issue. See original summary.

andreastkdf’s picture

andreastkdf commented
Issue summary: View changes
andreastkdf’s picture

andreastkdf commented
Issue summary: View changes
andreastkdf’s picture

andreastkdf commented
Issue summary: View changes
andreastkdf’s picture

andreastkdf commented
Issue summary: View changes
andreastkdf’s picture

andreastkdf commented

strip/remove script and iframe elements

andreastkdf’s picture

andreastkdf commented
StatusFileSize
new ignore-iframe-and-script-3357171-6.patch751 bytes

adding patch for #6

andreastkdf’s picture

andreastkdf commented
StatusFileSize
new ignore-iframe-and-script-3357171-8.patch735 bytes

fix typo on code added.

andreastkdf’s picture

andreastkdf commented
StatusFileSize
new ignore-iframe-and-script-3357171-9.patch727 bytes

Fix Could not apply patch!

(trailing whitespaces on patch file)

andreastkdf’s picture

andreastkdf commented
StatusFileSize
new ignore-iframe-and-script-3357171-10.patch699 bytes

patch still failing, apologies, I was on doing the diff on the wrong repo

ignore all previous comments :)

andreastkdf’s picture

andreastkdf commented
Status: Active » Needs review
andreastkdf’s picture

andreastkdf commented
akshay kashyap’s picture

akshay kashyap commented
Status: Needs review » Needs work

@andreastkdf

Thanks for the work.

Verified and tested Patch Comment #8 on Drupal 10.1.x Applied patch cleanly but found a warning message when applying a patch.

 git apply -v ignore-iframe-and-script-3357171-8.patch.txt
ignore-iframe-and-script-3357171-8.patch.txt:9: trailing whitespace.

ignore-iframe-and-script-3357171-8.patch.txt:13: trailing whitespace.

Checking patch src/Calculate/ReadingTime.php...
Applied patch src/Calculate/ReadingTime.php cleanly.
warning: 2 lines add whitespace errors.
akshay kashyap’s picture

akshay kashyap commented
Status: Needs work » Needs review
StatusFileSize
new ignore-iframe-and-script-3357171-14.patch722 bytes

Created a patch to remove the whitespace warning message. Please review it.

andreastkdf’s picture

andreastkdf commented
Assigned: andreastkdf » Unassigned

Thank you! Looks good. I unassigned my self to let a maintainer double check and potentially merge the patch on next release.

gurbakshish’s picture

gurbakshish commented

#14 patch works fine for me. Thanks

akshay kashyap’s picture

akshay kashyap commented
Status: Needs review » Reviewed & tested by the community

  • Akshay kashyap authored 54f75227 on 8.x-1.x 
    Issue #3357171 by andreastkdf, Akshay kashyap: Ignore any <iframe> or...
yivanov’s picture

yivanov commented
Status: Reviewed & tested by the community » Fixed

Thanks everyone! Closing as Fixed!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.