Post by scottyboyyy » Sat Oct 10, 2020 1:29 am

What would be stopping me from saving information or product with an iframe in description? It is taking me to a 404 if I try to save.

I've tried removing the javascript files from the information_form.twig, doesn't affect it. Also looked at information.php in the controller, validate form function doesn't seem to affect it. Tried removing if user permission allowed parameters incase it was this. Not sure what is stopping it.

It can be added directly to the description field database without an issue.

Not looking for a plugin editor, would like to know what blocks it. Any ideas? :-)

Active Member

Posts

Joined
Fri Apr 07, 2017 2:36 am

Post by rjcalifornia » Sun Oct 11, 2020 4:10 am

scottyboyyy wrote:
Sat Oct 10, 2020 1:29 am
What would be stopping me from saving information or product with an iframe in description? It is taking me to a 404 if I try to save.
Can you explain this further? What are you trying to save and where?

Image


Active Member

Posts

Joined
Fri Sep 02, 2011 1:19 pm
Location - Worldwide

Post by ADD Creative » Mon Oct 12, 2020 6:26 pm

Could be a web application firewall. Although they usually give a 403. It the URL that gives a 404 a valid one?

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by letxobnav » Mon Oct 12, 2020 6:33 pm

What would be stopping me from saving information or product with an iframe in description?
Common sense but other than that, nothing.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by paulfeakins » Mon Oct 12, 2020 6:36 pm

ModSecurity - ask your web host.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by scottyboyyy » Thu Oct 15, 2020 2:41 pm

I know the classic editor has video and you can paste in a youtube link and it will display the video and if you view code view it shows the iframe.

I have removed summernote so that it is just a textarea field. This allows me to just work in code view and has been better for me so far - I have more control, can add anything (until this) and don't have the bug issue when saving in codeview.

If I simply put <iframe> without the video link, etc it takes me to a 404 page when saving.

Active Member

Posts

Joined
Fri Apr 07, 2017 2:36 am

Post by letxobnav » Thu Oct 15, 2020 2:45 pm

If I simply put <iframe> without the video link, etc it takes me to a 404 page when saving.
if your html is solid then your host does not allow iframes in the html body, ask them.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by scottyboyyy » Thu Oct 15, 2020 3:03 pm

letxobnav wrote:
Thu Oct 15, 2020 2:45 pm
If I simply put <iframe> without the video link, etc it takes me to a 404 page when saving.
if your html is solid then your host does not allow iframes in the html body, ask them.
Would my host not block me completely then?

I can add the iframe to the description within the database and it works fine. Also I can add iframes directly into the .twig files.

It is only via the admin textarea that I can't. The save button takes me to a 404. I've tested with a clean opencart install.

Below is what I am changing the description field to be:

Code: Select all

<div class="form-group required">
                    <label class="col-sm-2 control-label" for="input-description{{ language.language_id }}">{{ entry_description }}<br>                    </label>
                    <div class="col-sm-10">
                      <textarea name="information_description[{{ language.language_id }}][description]" placeholder="{{ entry_description }}" id="input-description{{ language.language_id }}" style="height:450px; width:100%;" class="form-control">{{ information_description[language.language_id] ? information_description[language.language_id].description }}</textarea>
                      {% if error_description[language.language_id] %}
                      <div class="text-danger">{{ error_description[language.language_id] }}</div>
                      {% endif %} </div>
</div>
I will ask my host anyway!

Thanks for your help and time :-)

Active Member

Posts

Joined
Fri Apr 07, 2017 2:36 am

Post by letxobnav » Fri Oct 16, 2020 4:16 pm

Would my host not block me completely then?
no, if they run a security module it would just block the individual request and either give a 404 or just drop the connection.
I can add the iframe to the description within the database and it works fine.
If that is the case, your host is not blocking.

not a twig expert but is this solid?

Code: Select all

{{ information_description[language.language_id] ? information_description[language.language_id].description }}

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan
Who is online

Users browsing this forum: fegdeed and 31 guests