Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
As an administrator I wan't to attach embeded video or any content placed inside iframe into result area which is sanitized with filter_xss_admin().
Proposed resolution
Remove filter_xss_admin() from views_handler_area_result render() method.
Comment | File | Size | Author |
---|---|---|---|
#4 | remove-filter_xss_admin-from-views_handler_area_result-3074270-2.patch | 816 bytes | jakubhnilicka |
| |||
#2 | remove-filter_xss_admin-from-views_handler_area_result-3074270-1.patch | 633 bytes | jakubhnilicka |
Comments
Comment #2
jakubhnilicka CreditAttribution: jakubhnilicka at HBF s.r.o. for jobiqo - job board technology commentedPatch.
Comment #3
klausiNice, agreed!
Can you add a comment above the line like "// We don't want to sanitize with filter_xss_admin() here because Views administrators are trusted users and should be allowed to insert arbitrary markup."
Comment #4
jakubhnilicka CreditAttribution: jakubhnilicka at HBF s.r.o. for jobiqo - job board technology commentedAdded coment above removed sanitization.
Comment #5
klausiThank you!
Comment #7
DamienMcKennaCommitted. Thanks. FYI I wrapped the comment a little more tightly.