I have a case where we are trying to allow embedding of object code from our local media server in a text field.

OpenScholar (Drupal 6.22)
WYSIWYG Filter 6.x-1.x-dev (last listed patches #878032 and #926364)

Whitelisting of param elements is mostly working as advertised; however, one param element is being filtered on output.

The object code as stored in the database is:
<object width="300" height="152" data="http://media.sas.upenn.edu/static/player.swf" type="application/x-shockwave-flash"><param name="allowfullscreen" value="true" /><param name="src" value="http://media.sas.upenn.edu/static/player.swf" /><param name="flashvars" value="file=105595&amp;config=http://media.sas.upenn.edu/static/player.xml" /><img src="/sites/all/libraries/tinymce/jscripts/tiny_mce/themes/advanced/img/trans.gif" class="mceItemMedia mceItemFlash" width="640" height="324" data-mce-json="{'video':{},'params':{'flashvars':'file=105595&amp;config=http://media.sas.upenn.edu/static/player.xml','allowfullscreen':'true','src':'http://media.sas.upenn.edu/static/player.swf'},'object_html':'&lt;p&gt;&lt;a href=\&quot;http://get.adobe.com/flashplayer/\&quot;&gt;Install the Flash plugin&lt;/a&gt; to watch this video.&lt;/p&gt;'}" /></object>

The following param element is being stripped on node view:
<param name="flashvars" value="file=105595&amp;config=http://media.sas.upenn.edu/static/player.xml" />

Can anyone offer any guidance on this problem?

Regards,

Rick

Comments

rickward’s picture

rickward CreditAttribution: rickward commented

Upon further review, I've noticed that it isn't filtering the entire element. It's only filtering a portion of the value attribute so that the attribute is being rendered as follows:
<param name="flashvars" value="//media.sas.upenn.edu/static/player.xml" />

original value:
<param name="flashvars" value="file=105595&amp;config=http://media.sas.upenn.edu/static/player.xml" />

stefan.r’s picture

stefan.r CreditAttribution: stefan.r commented
Status: Active » Closed (won't fix)

Closing 6.x support requests