Aug 7 2008

MangoBlog, How to Enable iFrame Tag in TinyMCE

Posted by cheyennejack at 3:02 AM
9 comments
- Categories: ColdFusion | Programming | Security

Share this: del.icio.us digg StumbleUpon Facebook Technorati Fav Mixx Spurl newsvine Furl reddit Yahoo! My Web Wists Simpy BlinkList BlogMarks smarking Ma.gnolia MSN Live Google Bookmarks Segnalo diigo excites Netvouz

First off let me start off by saying that I absolutely love using MangoBlog. As a complete coder and non-designer, I have been able to whip together a bit of a design and even transfer blogs from various sources into here. Kudos to the MangoBlog team, no wonder there have been so many converts.

However, tonight I did run into a bit of a snafu that took me awhile to resolve. One of the great parts of Mangoblog is that you just run it and really dont have to inspect it much further.

Now while I normally would say spend some time and get to know the architecture behind MangoBlog, I know some out there just want the answer to the question, so here goes.

MangoBlog uses TinyMCE. By default TinyMCE strips the iFrame tag and some other tags from your HTML Editor view. So try as you may, any iframe tag will be erased and deleted before getting saved. Manually editing the database as a workaround sounds great, but really it isn't, trust me I know.

To force TinyMCE to allow the iFrame tag in MangoBlog follow these steps.

  • Open [mangoroot]/admin/layout.cfm
  • Around line 42 you will see a line for "extended_valid_elements"
  • Replace with extended_valid_elements : "span[class|style],code[class],iframe[src|width|height|name|align|frameborder|scrolling]",
  • Don't forget the trailing comma
  • Save and reload your posting area, then play with iframes to your hearts desire.



Obviously, you can use this same technique by adding tags and attributes here that TinyMCE strips by default. I would only recommend doing this on an as needed basis though. The blog posting I needed this for was for an old webisode covering a fictional hacking of Las Vegas casinos with SQL injection and other techniques. I strongly recommend less tech-savvy developers and even clients taking a look at this informational video to start to understand the dangers their systems face everyday.


Share this: del.icio.us digg StumbleUpon Facebook Technorati Fav Mixx Spurl newsvine Furl reddit Yahoo! My Web Wists Simpy BlinkList BlogMarks smarking Ma.gnolia MSN Live Google Bookmarks Segnalo diigo excites Netvouz




Comments

Mike

Mike wrote on 11/07/08 10:52 AM

mine was [mangoroot]/admin/editorSettings.cfm

line 28
CheyenneJack

CheyenneJack wrote on 01/28/09 2:27 PM

You are right Mike. I'm updating the blog to show that directory structure. Not sure if this changed after the update, or I mistyped all along. Either way, editorSettings.cfm is where it is located now.
bret

bret wrote on 05/09/09 2:36 PM

Good post, this helped. I added in form fields, too, while i was at it.

I would be willing to collab on a plugin, if you have time. We could come up with a few different iframe related ones. Amazon uses iframes to display ads, so we could do a basic Mango iframe plugin and a Mango Amazon plugin.
Varun Dixit

Varun Dixit wrote on 08/22/10 4:10 AM

Thank You! Your post was great help.
edi santoso

edi santoso wrote on 01/13/11 9:53 PM

thank's bro
Brad

Brad wrote on 04/01/11 12:37 PM

Thanks for sharing, it's exactly what I was looking for!
eddie

eddie wrote on 08/26/11 2:34 PM

Thank you for posting this! I am not a mangoblog user but was able to make the change in my site's tinymce configuration file (tiny_mce.js)
ludo

ludo wrote on 11/04/11 2:07 AM

I tried by it still doesnt work. I updated my tiny_mce.js with your line then saved and updated back via ftp, but tinyMCE keep delete any iframe code. PLS Help :/
CheyenneJack

CheyenneJack wrote on 11/04/11 1:45 PM

@ludo just a quick thought, did you hold shift down and then refresh your browser, or try a new browser. Sometimes when editing javascript your browser will cache the old code and not show you the results of your new javascript until you shift+refresh.

Write your comment



(it will not be displayed)