Module Description
IFrames are great old way to embed content of another site to yours. This also make it a good way to start a cross-site attack.
It's both good and bad thing to let your site users to add iframe in their contents. On one hand, if a users is doing "Full HTML" in their content, they would certainly want to embed iframe (YouTube, Google Maps). But if one of your users is naughty, or if your site is somehow hacked, they would want to sneak malicious iframe attack in, too.
Can we remove all the iframe(s), except the ones we trust?
That's what this module does.
It provides a filter that you may add to text formats (Full HTML, Filtered HTML). The filter will remove every iframe it found except "src" from the whitelist.
Easy to config. Easy to use.
Usage
* Open your site's admin interface
* Go to "Configruation" > "Text formats"
* Open "configure" of the text format that you want to apply the filter
* Check "iFrame removing filter"
* At "Filter Settings" > "iFrame removing filter", fill-in the whitelist domains. You need to put in 1 domain per line. You may use wildcard character "*" to match multiple characters
* Click "Save Configurations"
It's both good and bad thing to let your site users to add iframe in their contents. On one hand, if a users is doing "Full HTML" in their content, they would certainly want to embed iframe (YouTube, Google Maps). But if one of your users is naughty, or if your site is somehow hacked, they would want to sneak malicious iframe attack in, too.
Can we remove all the iframe(s), except the ones we trust?
That's what this module does.
It provides a filter that you may add to text formats (Full HTML, Filtered HTML). The filter will remove every iframe it found except "src" from the whitelist.
Easy to config. Easy to use.
Usage
* Open your site's admin interface
* Go to "Configruation" > "Text formats"
* Open "configure" of the text format that you want to apply the filter
* Check "iFrame removing filter"
* At "Filter Settings" > "iFrame removing filter", fill-in the whitelist domains. You need to put in 1 domain per line. You may use wildcard character "*" to match multiple characters
* Click "Save Configurations"
Module Link
Project Usage
163
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
This module aims to solve the issue of removing all iframes, except for those on a whitelist, to prevent cross-site attacks and malicious content embedding.
Data Name
iframeremove
OPENAI CHATBOT
OPENAI CHATBOT
