Skip to content
Grav 2.0 is officially stable. Read the announcement →
Log in Register
Support

Youtube embed codes seen as 'dangerous_tags'

Started by Dave 7 years ago · 2 replies · 1163 views
7 years ago

Good morning, I am new here but thought I should ask about this. I created a new page and embedded a Youtube video using this code:

<iframe src="//www.youtube.com/embed/hD-MBjzTT0A" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe>

After saving this page I saw this notice in a green bar at the top of the page:
NOTICE: Grav found potential XSS issues in content: 'dangerous_tags'

I then removed the embed code and saved again and the warning had gone.

So for some reason Grav isn't liking the embedded code.

I am using Grav v1.6.0-rc.4 - Admin v1.9.0-rc.4 with quark v2.0.0-rc.2

I hope I have given the right information.
Cheers
Dave

7 years ago

Indeed, and it should be, even though you can disable that behavior in settings. It's generally better that you use the YouTube-shortcode plugin.

Suggested topics

Topic Participants Replies Views Activity
unable to get waypoints to trigger
Support · by Duc , 2 hours ago
1 17 1 hour ago
Multisite in subdirectory
Support · by Thomas, 1 week ago
3 101 10 hours ago
How to listen for GET requests instead of POST requests?
Support · by Anna, 3 days ago
2 99 1 day ago
Twig not processing in 2.0.0
Support · by Justin Young, 1 day ago
1 66 1 day ago
Form: GRAV.Yes translation key
Support · by Duc , 1 week ago
2 101 6 days ago