1152882 - [Mozilla Blog] Unable to embed iframe with airmo video

Status: RESOLVED WONTFIX

(Infrastructure & Operations :: Blogs, task)

Description

[Rubén Martín [:Nukeador] ❌ [away till Aug 31st]]

Hello,

Recently, the WP editor started to remove iframes from the post code when saving, so I'm unable to embed an airmo video.

This has been working correctly since we have been using it for all our weekly meeting calls posts.

This is the code:

<iframe src="https://air.mozilla.org/reps-weekly-20150409/video/" width="640" height="380" frameborder="0" allowfullscreen="allowfullscreen"></iframe>

Here it's the draft where I'm trying to add it, it's removed on save:

https://blog.mozilla.org/mozillareps/wp-admin/post.php?post=332&action=edit

Here you can see other post where the iframe code is working:

https://blog.mozilla.org/mozillareps/2015/03/27/reps-weekly-call-march-26th-2015/

Comment 1

[Ryan Watson [:w0ts0n]]

I believe this may have been impacted by our wordpress upgrade & migration. 

From how I read it, its the default WordPress stripping that occurs on a Multisite Installation for all users but the Admin. Typical solutions suggested online are to install a 2 year old plugin or modify some php. 

Let me talk with the team and find out if there is a suggest workaround we can use.

Comment 2

[Shyam Mani [:fox2mike]]

Ryan,

Any movement here?

Comment 3

[Ryan Watson [:w0ts0n]]

Unfortunately not. From what I can tell, this just isn't possible via current methods due to the way multi-site's work without taking a risk on old code. 

Any opinion Craig?

Comment 4

[Craig Cook (:craigcook)]

The iframe element is stripped for non-admin users for very practical security reasons. There's not really anything we can do on the hosting end to allow iframes. However, we do have some other options...

There are various iframe plugins that circumvent the HTML filtering by defining an equivalent shortcode, e.g. [iframe src="foo"][/iframe] (this is also fairly simple to do without a plugin, just takes a little bit of code in the theme). The downside of this approach is there are no restrictions on which URLs can be framed so it potentially opens us up to all the risks that stripping the tag is supposed to protect us from in the first place.

A better option would be to add air.mozilla.org to the list of allowed providers for WordPress' built-in oEmbed API (see http://codex.wordpress.org/Function_Reference/wp_oembed_add_provider), allowing you to embed airmo videos the same way you can embed youtube videos. I might need to work with the airmo devs to make this work but I think it should be doable.

Sorry this has gone neglected for so long. I'll try to make some time to work on it soon. Also moving this bug to another component, since it's not really a webops issue at this point.

Comment 5

[Ryan Watson [:w0ts0n]]

Craig, where are we with this bug? Is this still happening. It's over 400 days old, so if not, I would be inclined to close it.

Thanks

Comment 6

[Craig Cook (:craigcook)]

Thanks for the ping. It is still the case that iframes are stripped and we haven't established another means of adding arbitrary iframes, nor have we added airmo to the list oEmbed providers. In other words I've done nothing since my previous comment seven months ago, there's been no other changes, and nobody else has complained. I'd still like to make airmo videos embeddable so I'm happy to keep this bug open rather than wontfix-ing it, but it's not an urgent priority. I may be able to work on this soon now that I've been reminded.

Comment 7

[Emma Humphries ☕️🎸🧞‍♀️✨ (she/they) [:emceeaich] (Pacific Time) use needinfo]

Bulk move to Websites::blogs component, per bug 1353528

Comment 8

[Joey Krejci [:joeyk]]

Closing this out 3 years later. Please file another bug if needed, thanks!

Comment 9

[Rubén Martín [:Nukeador] ❌ [away till Aug 31st]]

Hi,

This request is still valid, we still want to have airmo videos embedded.

Thanks.

Comment 10

[Sean Rich [:srich]]

(In reply to Joey Krejci [:joeyk] from comment #8)
> Closing this out 3 years later. Please file another bug if needed, thanks!

Joey - will you reach out to Andy Kochendorfer to see what might be possible with the upcoming INXPO solution?

Comment 11

[Joey Krejci [:joeyk]]

Hey Sean,

After reaching out to Andy I dont think INXPO is the right solution. Not sure what is, so for now  we will backlog this bug to explore at another time. 

Hello Joey! Reading over the bug; I am not sure that the INXPO content management system will allow embedding of videos into a frame. The content management system (library) uses SAML (Auth0) to authentic all viewers so we can restrict non-public content, so even if feasible, viewers would get the Auth0 pop-up requesting them to login with Google, GitHub, or an email address (which I don't think is the experience that you are looking for?). This is a sample direct link to on demand content within the INXPO portal (I am still building it out - we just got the contract approved): https://onlinexperiences.com/Launch/Event.htm?ShowKey=44908&DisplayItem=E230878

This is the top level of the library: https://onlinexperiences.com/scripts/Server.nxp?LASCmd=L:0&AI=1&InitialDisplay=1&ClientBrowser=0&ShowKey=44908

Comment 12

[Eric Ziegenhorn :ericz]

Given that INXPO does not allow framing of its content there is no path forward here, closing this out.