Feature #5036
closed
Embeds request
Description
Dev team -
A user reports that she has "a series of JS Fiddle graphs, a timeline from Timeline.JS, and two CartoDB maps that I was hoping to embed".
She'd asked for iFrame but Matt explained that they pose security risks. Please let me know how to proceed, or if this cannot be done. Thanks!
- Marilyn Weber
CUNY Academic Commons Community Facilitator
Updated by Marilyn Weber almost 9 years ago
The user is Destry Sibley. She added
"This is pretty urgent. It's for Matt Gold's DH class, and the assignment is due this weekend."
Updated by Marilyn Weber almost 9 years ago
"Following up, this is what I'm trying to embed:
Graphs:
https://jsfiddle.net/Destry/bcr687nj/23/embedded/result/
- embed code is <iframe width="100%" height="300" src="//jsfiddle.net/Destry/bcr687nj/23/embedded/" allowfullscreen="allowfullscreen" frameborder="0"></iframe>
https://jsfiddle.net/Destry/f95rnsvL/22/embedded/result/ - embed code: <iframe width="100%" height="300" src="//jsfiddle.net/Destry/f95rnsvL/22/embedded/" allowfullscreen="allowfullscreen" frameborder="0"></iframe>
https://jsfiddle.net/Destry/j94q5f4h/23/embedded/result/ - embed code: <iframe width="100%" height="300" src="//jsfiddle.net/Destry/j94q5f4h/23/embedded/" allowfullscreen="allowfullscreen" frameborder="0"></iframe>
Timeline:
https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html?source=1xfLK4QWSuiPnMMfzbxfYwTZuf4UzCLbJV6DPKAaYIOc&font=Default&lang=en&initial_zoom=2&height=650 - embed code: <iframe src='http://cdn.knightlab.com/libs/timeline3/latest/embed/index.html?source=1xfLK4QWSuiPnMMfzbxfYwTZuf4UzCLbJV6DPKAaYIOc&font=Default&lang=en&initial_zoom=2&height=650' width='100%' height='650' frameborder='0'></iframe>
Maps:
<iframe width="100%" height="520" frameborder="0" src="https://destrysibley.cartodb.com/viz/b08c4c8e-a128-11e5-bd64-0ecfd53eb7d3/embed_map" allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe> (http://bit.ly/1J3rARc)
<iframe width="100%" height="520" frameborder="0" src="https://destrysibley.cartodb.com/viz/8cc915a2-a128-11e5-b8b3-0e787de82d45/embed_map" allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe> (http://bit.ly/1J3rDMZ)
I'm still tweaking the maps but hopefully this will at least help to give you a general idea."
Updated by Matt Gold almost 9 years ago
- Status changed from New to Assigned
- Assignee set to Boone Gorges
- Priority name changed from Normal to Urgent
Hi Boone,
This is a student in my class, working on an assignment due on the 21st. Can you give me a sense of the following:
-- how much work would be required from you to create shortcodes
-- whether you can add this as a hotfix before the 21st (ideally by Friday or Saturday)
Thanks for your help with this.
Updated by Boone Gorges almost 9 years ago
The restriction against arbitrary iframes and embeds is for security purposes: we only allow users to embed from trusted sources. A shortcode that allows arbitrary embeds from jsfiddle is insecure for the same reasons.
If these items absolutely must be embedded in a Commons site, I will write hardcoded shortcodes that can only be used for embedding these specific items, on the specific site where you need them displayed. This, at least, will limit potential security issues to the site and embeds in question. Can I assume that the iframe code provided above is going to remain the same? The values will be hardcoded in the shortcode. Please also provide the URL of the site where the shortcode will be used.
I will deploy it as a hotfix if that's what you want.
Updated by Boone Gorges almost 9 years ago
- Priority name changed from Urgent to Normal
Updated by Matt Gold almost 9 years ago
Marilyn, did you communicate Boone's message above to the student?
Updated by Matt Gold almost 9 years ago
Hi Boone --
From the member -- "This is it and the codes won't change"
You can also contact her directly if needed. Will email details
Updated by Boone Gorges almost 9 years ago
- Category name set to WordPress Plugins
- Status changed from Assigned to Resolved
I've written the shortcode and added it to the Commons. https://github.com/cuny-academic-commons/cac/commit/f89f31749778278f18753a5e9bd414980b2fc5e3
Usage details:
The shortcode is [dsibley], and it can be used only on http://dmsproject.commons.gc.cuny.edu/ (I took a guess that this was the correct site). It can be used for 6 different embeds, which can be selected with the `id` parameter. [dsibley id=1] [dsibley id=2] etc. See https://dmsproject.commons.gc.cuny.edu/wp-admin/post.php?post=17&action=edit and http://dmsproject.commons.gc.cuny.edu/?p=17&preview=true to get a sense of how it works.
Let me know if you experience any problems.
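
Added example, not part of the ticket and not the code in the linked commit: a sketch of a hardcoded, site-restricted shortcode of the kind described above, where the only user input is an integer key into a fixed allowlist. Function and constant names are hypothetical, the id-to-embed order is assumed, and the URLs and heights are the ones posted earlier in this ticket (with https assumed for all of them).

```php
<?php
// Added illustration; not the code from the commit linked in the ticket.
// Function and constant names are hypothetical. The id-to-embed order is assumed.

// The only site on which the shortcode renders anything (host taken from the ticket).
const DSIBLEY_ALLOWED_HOST = 'dmsproject.commons.gc.cuny.edu';

/** Fixed allowlist: every src and height is hardcoded, nothing comes from the post. */
function dsibley_embeds() {
	$carto = 'https://destrysibley.cartodb.com/viz/';
	return array(
		1 => array( 'https://jsfiddle.net/Destry/bcr687nj/23/embedded/', 300 ),
		2 => array( 'https://jsfiddle.net/Destry/f95rnsvL/22/embedded/', 300 ),
		3 => array( 'https://jsfiddle.net/Destry/j94q5f4h/23/embedded/', 300 ),
		4 => array( 'https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html?source=1xfLK4QWSuiPnMMfzbxfYwTZuf4UzCLbJV6DPKAaYIOc&font=Default&lang=en&initial_zoom=2&height=650', 650 ),
		5 => array( $carto . 'b08c4c8e-a128-11e5-bd64-0ecfd53eb7d3/embed_map', 520 ),
		6 => array( $carto . '8cc915a2-a128-11e5-b8b3-0e787de82d45/embed_map', 520 ),
	);
}

function dsibley_shortcode( $atts ) {
	$atts = shortcode_atts( array( 'id' => 0 ), $atts, 'dsibley' );

	// Render only on the one approved site; elsewhere the shortcode outputs nothing.
	if ( DSIBLEY_ALLOWED_HOST !== wp_parse_url( home_url(), PHP_URL_HOST ) ) {
		return '';
	}

	// The only user-controlled input is an integer key into the allowlist.
	$id     = absint( $atts['id'] );
	$embeds = dsibley_embeds();
	if ( ! isset( $embeds[ $id ] ) ) {
		return '';
	}
	list( $src, $height ) = $embeds[ $id ];

	// The src never comes from the post; esc_url() is kept as defence in depth.
	return sprintf(
		'<iframe width="100%%" height="%d" src="%s" frameborder="0" allowfullscreen="allowfullscreen"></iframe>',
		$height,
		esc_url( $src )
	);
}
add_shortcode( 'dsibley', 'dsibley_shortcode' );
```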