Allow Editors to Post iFrame embeds

  • Dean

    (@deantester)


    2 years, 7 months ago

    We are running a large multisite and we have users who now want to embed Facebook videos on their pages.

    I’d like to enable them to do this by pasting the iFrame with Custom HTML.

    This works fine for admins, but for Editors, they are not able to post iFrame (content is stripped — likely due to unfiltered_html role only being accessible to Super Admins.

    How can I give them this role? I’ve tried a plugin (Menu Editor Pro) and some code, but neither worked. Here’s the code I tried in functions.php:

    function add_theme_caps() {
    // gets the author role
    $role = get_role( 'editor' );

    // This only works, because it accesses the class instance.
    // would allow the author to edit others' posts for current theme only
    $role->add_cap( 'unfiltered_html' ); 
}
add_action( 'admin_init', 'add_theme_caps');

    We cannot do this with “Embed” blocks because Facebook has blocked oEmbed, and I cannot ask users to connect their Facebook pages, use app IDs, etc., that are required by other plugins.

Viewing 3 replies - 1 through 3 (of 3 total)
  • MK

    (@mkarimzada)

    2 years, 7 months ago

    Use map_meta_cap() function to add caps to a specific role in multisite.

    Also it’s possible to use kses_remove_filters() on a specific page or user/role.

    Example:

    function editor_unfiltered_html_cap( $caps, $cap, $user_id, $args ) {
    $user = get_userdata( $user_id );
    $user_roles = $user->roles;
    
    if( in_array( 'editor', $user_roles, true ) && !defined( 'DISALLOW_UNFILTERED_HTML' ) ) {
        $caps[] = 'unfiltered_html';
    }
    
    return $caps;
}

add_filter( 'map_meta_cap', 'editor_unfiltered_html_cap', 10, 4 );

    I hope this helps.

    • This reply was modified 2 years, 7 months ago by MK. Reason: improved if statement
    Thread Starter Dean

    (@deantester)

    2 years, 7 months ago

    Thank you @mkarimzada for the reply but that code was unsuccessful in resolving my issue — editors are still not able to update iFrames.

    MK

    (@mkarimzada)

    2 years, 7 months ago

    This seems to be a change in security policies of Gutenberg and I’m 100% sure there is a reason for it. I’ve found this open issue on Gutenberg repo https://github.com/WordPress/gutenberg/issues/15137.

    Have you tried Unfiltered MU by Automattic?

    Another possible solution would be allowing iframe via wp_kses_allowed_html, but not recommended. Also, you need to make sure editors are 100% trusted before doing this.

    function allow_iframes_for_editor( $allowed_tags ){
    
	$allowed_tags['iframe'] = array(
		'align' => true,
		'allow' => true,
		'allowfullscreen' => true,
		'class' => true,
		'frameborder' => true,
		'height' => true,
		'id' => true,
		'marginheight' => true,
		'marginwidth' => true,
		'name' => true,
		'scrolling' => true,
		'src' => true,
		'style' => true,
		'width' => true,
		'allowFullScreen' => true,
		'class' => true,
		'frameborder' => true,
		'height' => true,
		'mozallowfullscreen' => true,
		'src' => true,
		'title' => true,
		'webkitAllowFullScreen' => true,
		'width' => true
	);
    
    if ( current_user_can('editor') ) {
      return $allowed_tags;  
    }
}

add_filter( 'wp_kses_allowed_html', allow_iframes_for_editor, 1 );

    I hope this helps.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Allow Editors to Post iFrame embeds’ is closed to new replies.