After upgrading a test site, I just upgraded my staging site to Grav 2.0. The upgrade was very smooth again. One issue: I have a few pages with an embedded iFrame that runs a p5js Javascript file. This has been working fine, but after the upgrade the page with the iframe only shows the iframe HTML as text on the page. Any suggestions for troubleshooting?
Support
Solved by Andy Miller View solution
There is much stricter content rules in Grav 2.0 as iFrames are a XSS security vulnerability. If you need to use an iframe, you have to remove the iframe tag in the Dangerous HTML Tags of the XSS Security for ContentXSS Security for Content section of the Security configuration.
There are quite a few blogs by Andy dedicated to Grav 2 and I highly recommend reading them all.
A few are about Markdown and why code in Markdown breaks:
- https://getgrav.org/blog/grav-2-markdown-enhancements
This one mentions why <iframe> doesn't work anymore. See section Disallowed Raw HTML (tagfilter) - https://getgrav.org/blog/grav-2-dev-markdown-extensions
- https://getgrav.org/blog/grav-2-twig-content-security
Why Twig (code) doesn't run in content (Markdown) anymore by default.
last edited 07/10/26 by pamtbaau
Thanks very much for both replies. I'll spend some time going through the blog before I migrate my production site.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 1 | 118 | 2 days ago | ||
| 5 | 194 | 2 days ago | ||
| 0 | 42 | 2 days ago | ||
| 0 | 39 | 2 days ago | ||
| 2 | 103 | 3 days ago |