Project

General

Profile

Feature #5036

Embeds request

Added by Marilyn Weber almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
WordPress Plugins
Target version:
Start date:
2015-12-16
Due date:
% Done:

0%

Estimated time:

Description

Dev team -

A user reports that she has "a series of JS Fiddle graphs, a timeline from Timeline.JS, and two CartoDB maps that I was hoping to embed".

She'd asked for iFrame but Matt explained that they pose security risks. Please let me know how to proceed, or if this cannot be done. Thanks!

- Marilyn Weber
CUNY Academic Commons Community Facilitator

History

#1 Updated by Marilyn Weber almost 6 years ago

The user is Destry Sibley. She added
"This is pretty urgent. It's for Matt Gold's DH class, and the assignment is due this weekend."

#2 Updated by Marilyn Weber almost 6 years ago

She's added:
Following up, this is what I'm trying to embed:
Graphs:
https://jsfiddle.net/Destry/bcr687nj/23/embedded/result/[jsfiddle.net]

#3 Updated by Matt Gold almost 6 years ago

  • Status changed from New to Assigned
  • Assignee set to Boone Gorges
  • Priority name changed from Normal to Urgent

Hi Boone,

This is a student in my class, working on an assignment due on the 21st. Can you give me a sense of the following:

-- how much work would be required from you to created shortcodes
-- whether you can add this as a hotfix before the 21st (ideally by Friday or Saturday)

Thanks for your help with this.

#4 Updated by Boone Gorges almost 6 years ago

The restriction against arbitrary iframes and embeds is for security purposes: we only allow users to embed from trusted sources. A shortcode that allows arbitrary embeds from jsfiddle is insecure for the same reasons.

If these items absolutely must be embedded in a Commons site, I will write hardcoded shortcodes that can only be used for embedding these specific items, on the specific site where you need them displayed. This, at least, will limit potential security issues to the site and embeds in question. Can I assume that the iframe code provided above is going to remain the same? The values will be hardcoded in the shortcode. Please also provide the URL of the site where the shortcode will be used.

I will deploy it as a hotfix if that's what you want.

#5 Updated by Matt Gold almost 6 years ago

Thanks, Boone.

#6 Updated by Boone Gorges almost 6 years ago

  • Target version set to 1.9.1.1

#7 Updated by Boone Gorges almost 6 years ago

  • Priority name changed from Urgent to Normal

#8 Updated by Matt Gold almost 6 years ago

Marilyn, did you communicate Boone's message above to the student?

#9 Updated by Matt Gold almost 6 years ago

Hi Boone --

From the member -- "This is it and the codes won't change"

You can also contact her directly if needed. Will email details

#10 Updated by Boone Gorges almost 6 years ago

  • Category name set to WordPress Plugins
  • Status changed from Assigned to Resolved

I've written the shortcode and added it to the Commons. https://github.com/cuny-academic-commons/cac/commit/f89f31749778278f18753a5e9bd414980b2fc5e3

Usage details:

The shortcode is [dsibley], and it can be used only on http://dmsproject.commons.gc.cuny.edu/ (I took a guess that this was the correct site). It can be used for 6 different embeds, which can be selected with the `id` parameter. [dsibley id=1] [dsibley id=2] etc. See https://dmsproject.commons.gc.cuny.edu/wp-admin/post.php?post=17&action=edit and http://dmsproject.commons.gc.cuny.edu/?p=17&preview=true to get a sense of how it works.

Let me know if you experience any problems.

Also available in: Atom PDF