I have a case where we are trying to allow embedding of object code from our local media server in a text field.
OpenScholar (Drupal 6.22)
WYSIWYG Filter 6.x-1.x-dev (last listed patches #878032 and #926364)
Whitelisting of param elements is mostly working as advertised; however, one param element is being filtered on output.
The object code as stored in the database is:
<object width="300" height="152" data="http://media.sas.upenn.edu/static/player.swf" type="application/x-shockwave-flash"><param name="allowfullscreen" value="true" /><param name="src" value="http://media.sas.upenn.edu/static/player.swf" /><param name="flashvars" value="file=105595&config=http://media.sas.upenn.edu/static/player.xml" /><img src="/sites/all/libraries/tinymce/jscripts/tiny_mce/themes/advanced/img/trans.gif" class="mceItemMedia mceItemFlash" width="640" height="324" data-mce-json="{'video':{},'params':{'flashvars':'file=105595&config=http://media.sas.upenn.edu/static/player.xml','allowfullscreen':'true','src':'http://media.sas.upenn.edu/static/player.swf'},'object_html':'<p><a href=\"http://get.adobe.com/flashplayer/\">Install the Flash plugin</a> to watch this video.</p>'}" /></object>
The following param element is being stripped on node view:
<param name="flashvars" value="file=105595&config=http://media.sas.upenn.edu/static/player.xml" />
Can anyone offer any guidance on this problem?
Regards,
Rick
Comments
Comment #1
rickward CreditAttribution: rickward commentedUpon further review, I've noticed that it isn't filtering the entire element. It's only filtering a portion of the value attribute so that the attribute is being rendered as follows:
<param name="flashvars" value="//media.sas.upenn.edu/static/player.xml" />
original value:
<param name="flashvars" value="file=105595&config=http://media.sas.upenn.edu/static/player.xml" />
Comment #2
stefan.r CreditAttribution: stefan.r commentedClosing 6.x support requests