The Limit HTML tags filter is breaking calls to embedded video.
My embed code:
<object width = "512" height = "328" > <param name = "movie" value = "http://dgjigvacl6ipj.cloudfront.net/media/swf/PBSPlayer.swf" > </param><param name="flashvars" value="video=http://watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0" /> <param name="allowFullScreen" value="true"></param > <param name = "allowscriptaccess" value = "always" > </param><param name="wmode" value="transparent"></param ><embed src="http://dgjigvacl6ipj.cloudfront.net/media/swf/PBSPlayer.swf" flashvars="video=http://watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0" type="application/x-shockwave-flash" allowscriptaccess="always" wmode="transparent" allowfullscreen="true" width="512" height="328" bgcolor="#000000"></embed></object>
What's being outputted after the filter runs:
<object width="512" height="328" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000">
<param name="movie" value="http://dgjigvacl6ipj.cloudfront.net/media/swf/PBSPlayer.swf" />
<param name="flashvars" value="//watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0" />
<param name="allowfullscreen" value="true" />
<param name="allowscriptaccess" value="always" />
<param name="wmode" value="transparent" />
<!--[if !IE]>-->
<object width="512" height="328" type="application/x-shockwave-flash" data="http://dgjigvacl6ipj.cloudfront.net/media/swf/PBSPlayer.swf">
<param name="flashvars" value="//watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0" />
<param name="allowfullscreen" value="true" />
<param name="allowscriptaccess" value="always" />
<param name="wmode" value="transparent" />
<!--<![endif]-->
<!--[if !IE]>-->
</object>
<!--<![endif]-->
</object>
Note that in the flashvars param, value="video=http://watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0" is being converted to value="//watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0".
I believe this is similar to what's happening in #812590: HTML Filter breaks the classid attribute of the object tag, and that drupal_strip_dangerous_protocols() is stripping out everything prior to and including the colon.
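The stripping described in the report can be reproduced with a small stand-alone model of a scheme allowlist filter. This is an added example, not Drupal's own code and not part of the original report; the function name `strip_disallowed_schemes`, the constant `ALLOWED_SCHEMES` and its contents are hypothetical, and the sample values other than the two URLs from the report are constructed.

```php
<?php
// Simplified model of an allowlist-based scheme filter applied to attribute
// values. Hypothetical names; the allowlist is a constructed sample.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto'];

function strip_disallowed_schemes(string $value): string {
  do {
    $before = $value;
    $colon = strpos($value, ':');
    // No colon, or a leading colon: nothing that looks like a scheme.
    if ($colon === false || $colon === 0) {
      break;
    }
    $prefix = substr($value, 0, $colon);
    // A slash, question mark or hash before the colon means the colon sits
    // inside a path, query or fragment, so the value is a relative URL.
    if (preg_match('![/?#]!', $prefix)) {
      break;
    }
    // Anything else before the first colon is treated as a scheme. If it is
    // not on the allowlist, drop it together with the colon and re-check.
    if (!in_array(strtolower($prefix), ALLOWED_SCHEMES, true)) {
      $value = substr($value, $colon + 1);
    }
  } while ($before !== $value);
  return $value;
}

$samples = [
  // "movie" param from the report: the scheme is "http", so it is kept.
  'http://dgjigvacl6ipj.cloudfront.net/media/swf/PBSPlayer.swf',
  // "flashvars" param from the report: the text before the first colon is
  // "video=http", which is not an allowed scheme.
  'video=http://watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0',
  // Constructed variant with the colon percent-encoded: no colon to match.
  'video=http%3A//watch.weta.org/videoPlayerInfo/2332285454&player=viral&end=0',
  // Constructed value showing the case the filter exists to neutralise.
  'javascript:alert(1)',
];

foreach ($samples as $sample) {
  printf("%s\n  -> %s\n", $sample, strip_disallowed_schemes($sample));
}
```

For the second sample the model returns the same `//watch.weta.org/...` value shown in the filtered output above, because the filter cannot tell a `key=URL` pair from a URL with an unknown scheme. Whether the player accepts the percent-encoded form in the third sample is not covered by the report.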