Skip to:
Content

bbPress.org

Opened 4 years ago

Closed 4 years ago

#3286 closed defect (bug) (invalid)

Inserting videos via TinyMCE plugin is escaping the source tag for non-admin users

Reported by: ajtruckle's profile ajtruckle Owned by:
Milestone: Priority: high
Severity: major Version: 2.6.1
Component: Component - Any/All Keywords: reporter-feedback
Cc:

Description

So I am using this extra function so that extra HTML tags are not stripped for non-admin users:

add_filter( 'bbp_kses_allowed_tags', 'ntwb_bbpress_custom_kses_allowed_tags' );

function ntwb_bbpress_custom_kses_allowed_tags() {
	return array(

		// Links
		'a'          => array(
			'class'    => true,
			'href'     => true,
			'title'    => true,
			'rel'      => true,
			'class'    => true,
			'target'   => true,
		),

		// Quotes
		'blockquote' => array(
			'cite'     => true,
		),
		
		// Div
		'div' => array(
			'class'     => true,
		),
		
		// Span
		'span'          => array(
			'class'     => true,
			'style'     => true,
		),

		// Paragraph
		'p'          => array(
			'dir'    => true,
			'style'  => true,
		),
		
		// Code
		'code'       => array(),
		'pre'        => array(
		'class'      => true,
		),

		// Formatting
		'em'         => array(),
		'strong'     => array(),
		'del'        => array(
			'datetime' => true,
		),

		// Lists
		'ul'         => array(),
		'ol'         => array(
			'start'    => true,
		),
		'li'         => array(),

		// Images
		'img'        => array(
			'class'    => true,
			'src'      => true,
			'border'   => true,
			'alt'      => true,
			'height'   => true,
			'width'    => true,
		),

		// Tables
		'table'      => array(
			'align'    => true,
			'bgcolor'  => true,
			'border'   => true,
		),
		'tbody'      => array(
			'align'    => true,
			'valign'   => true,
		),
		'td'         => array(
			'align'    => true,
			'valign'   => true,
		),
		'tfoot'      => array(
			'align'    => true,
			'valign'   => true,
		),
		'th'         => array(
			'align'    => true,
			'valign'   => true,
		),
		'thead'      => array(
			'align'    => true,
			'valign'   => true,
		),
		'tr'         => array(
			'align'    => true,
			'valign'   => true,
		),
		'video'      => array(
			'controls' => true,
			'width'    => true,
			'height'   => true,
			'source'     => array(
				'src'    => true,
				'type'	 => true
			)
		)
	);
} 
// ==============================================================

Notice the section at the end for videos? This is the issue. These videos are inserted using the TinyMCE Video plugin. Once it is inserted it looks something like this:

<video controls="controls" width="300" height="150">
<source src="https://www.publictalksoftware.co.uk/videos/forum/pts-test-video.mp4" type="video/mp4" /></video>

The problem is that for a non-admin user the < and /> wrapped around the source tag is getting escaped. Thus the syntax is not correct and the video module will not play.

Robin suggested I switch off moderation:

add_filter( 'bbp_bypass_check_for_moderation', '__return_true' );

And to try removing this filter:

remove_filter( 'bbp_new_reply_pre_content', 'bbp_filter_kses', 30 );

But i can't get it to work. The only way to insert one of these videos is if a admin user does it so that the escaping of the source tag does not happen.

Can this be resolved?

Thanks.

Change History (1)

#1 @johnjamesjacoby
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hey there. Unfortunately this isn't a bbPress bug. You need to write the correct code for your own purpose.

This issue tracker is for bugs or enhancements to the bbPress software, not for support with custom code snippets to make it do what you want it to.

Please stick to the support forums for support'ish questions. Thank you!

Note: See TracTickets for help on using tickets.