Forums | Mahara Community
Developers
/
Not sure on iframe source and code to embed
11 December 2013, 9:15
Not sure this belongs in the forum but giving it a go.
Using v1.7.2 and adding in the Allowed iframe sources to embed a quiz from www.sporcle.com
Anyway the embed code for the quiz on the website says:
<iframe frameborder="0" scrolling="no" marginheight="0" marginwidth="0" id="spFrame52a775e698d4a" src="http://www.sporcle.com/framed/?v=5&pm&gid=5bdac1eb55f&fid=52a775e698d4a&width=820" style="width:100%;"></iframe>
<script type="text/javascript" src="http://www.sporcle.com/embed/embed.js?v=52a775e698d4a"></script>
Which cannot be right can it? How can you have iframe and javascript codes together.
Not sure therefore what to put in the iframe source block and also not sure how much of this code to copy and paste into the External Sources block.
So far my attempts have drawn a big fat zero...
Many thanks as always
11 December 2013, 21:43
The source for the iframe doesn't work, which seems to be the main problem with the embedd-code. I think, that is a problem, sporcle has to solve.
The javascript-code seems to add a couple of conveniences, like resize, a missing javascript-function for InternetExplore and handling communication between the iframes. You could try to enter the iframe-source only and see if it works without the JavaScript.
As for the "Allowed iframe-sources" setting, the url "www.sporcle.com" should do the trick.
14 December 2013, 1:45
Tobias
I have emailed the company as trying it with just the iframe tags does not work either
Many thanks again
Gideon
14 December 2013, 4:14
Hi Gideon,
The <script> parts will be stripped out because Mahara uses HTML Purifier. The same problem comes when I tried to embed a Twitter widget (timeline) in Mahara. It strips out all the code and leaves me only with text and hyperlink.
Aparently you can write HTML Purifier customisations to circumvent that but not sure how to do that. And it is unsafe as well as your site could be exploited through it.
Marius
15 December 2013, 17:23
Hello Gideon,
I could embed just the <iframe> tag, leaving the Javascript part out as that is stripped out by HTML Purifier. However, I could not see the entire game because there is only the width but no height. And adding that would be too much required from a user I would say.
As for the source, I would go with "www.sporcle.com/framed/". We recommend to use as much as possible from the URL (and not only the base URL) to prevent any potential misuse.
Cheers
Kristina