IFrames are great old way to embed content of another site to yours. This also make it a good way to start a cross-site attack.
It's both good and bad thing to let your site users to add iframe in their contents. On one hand, if a users is doing "Full HTML" in their content, they would certainly want to embed iframe (YouTube, Google Maps). But if one of your users is naughty, or if your site is somehow hacked, they would want to sneak malicious iframe attack in, too.
Can we remove all the iframe(s), except the ones we trust?
That's what this module does.
It provides a filter that you may add to text formats (Full HTML, Filtered HTML). The filter will remove every iframe it found except "src" from the whitelist.
Easy to config. Easy to use.
Usage
- Open your site's admin interface
- Go to "Configruation" > "Text formats"
- Open "configure" of the text format that you want to apply the filter
- Check "iFrame removing filter"
- At "Filter Settings" > "iFrame removing filter", fill-in the whitelist domains. You need to put in 1 domain per line. You may use wildcard character "*" to match multiple characters
- Click "Save Configurations"
Project information
Maintenance fixes only
Considered feature-complete by its maintainers.- Project categories: Content editing experience
344 sites report using this module- Created by yookoala on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
