Users cannot save html code for embedding, only admin can

[emmanova]

Powered by SMF 2.0 RC4 | SMF © 2006–2010, Simple Machines LLC
SimplePortal 2.3.3 © 2008-2010, SimplePortal

My members started complaining that their embedded coding wasn't working, but every time I go and check their thread I see they didn't put the html code at the begining and the end of the embedded code. So I will go ahead and fix it for them adding the code. Next time they Modify their own thread it get mess up again, when I check is missing the html code.

I started to make fun of them telling them that they need to stop removing the html code or that their browser was mess up, becuase when I added the code it work fine. Well I had to slap in my face. I created a test account and is true when a regular user type a code like this

<iframe width="425" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.com/maps?f=q&amp;source=s_q&amp;hl=en&amp;geocode=&amp;q=Orlando,+FL&amp;aq=0&amp;sll=28.555043,-81.281652&amp;sspn=0.015907,0.027144&amp;ie=UTF8&amp;hq=&amp;hnear=Orlando,+Orange,+Florida&amp;z=12&amp;ll=28.538336,-81.379236&amp;output=embed"></iframe><br /><small><a href="http://maps.google.com/maps?f=q&amp;source=embed&amp;hl=en&amp;geocode=&amp;q=Orlando,+FL&amp;aq=0&amp;sll=28.555043,-81.281652&amp;sspn=0.015907,0.027144&amp;ie=UTF8&amp;hq=&amp;hnear=Orlando,+Orange,+Florida&amp;z=12&amp;ll=28.538336,-81.379236" style="color:#0000FF;text-align:left">View Larger Map</a></small>


and type html at the begining and end, I can't even preview it, it doesnt show the embedded map. If I save it and go back to modify it, the html code is gone. But If I do it as administrator it stays. I search and research for permission and I can't find anything that can trigger this. Can anyone help?

[emmanova]

HA! Funny, I just try it here and it happen the same thing. I think I found a Bug 

[Antechinus]

It's deliberate. Only admins can use html.

[Arantor]

It's done for security, too - if a regular user had that power, they could embed all kinds of nastiness in the forum (like attempts as login stealing details, for example)

[emmanova]

Can't that be an option like everything else? Let the admin decide what kind of permission to give to users? or better yet how about fix the embeddind then so they dont have to use html.

Like if I go to Vbulleting forums and paste the code I just did here the map show up and I dont have to worry about using html or anything.

So can I have a solution?

[Arantor]

Can't that be an option like everything else? Let the admin decide what kind of permission to give to users? or better yet how about fix the embeddind then so they dont have to use html.

No, it can't.

Do you have any embedding mods (I'm thinking either Aeva or SAVE here) installed?

Like if I go to Vbulleting forums and paste the code I just did here the map show up and I dont have to worry about using html or anything.

Yes, and if you go to vBulletin forums and pull the same stunt, it's a mess waiting to happen, since iframes can trivially provide security weaknesses if improperly set up... you show me a forum that can embed iframes, and more often than not I can show you how to hijack the logged in user's credentials.

[emmanova]

So I guess you are telling me the only way is using a third party addon?

Yes I have Aeva installed. Just was wondering why this was happening and if there were something or setting that I was missing.

[Arantor]

So I guess you are telling me the only way is using a third party addon?

Yes, for security reasons.

Yes I have Aeva installed.

Version? Is Google Maps enabled in the sitelist?

[emmanova]

Yes is enabled, i just need to play more w the settings I guess. cause sometimes using the link instead of the html (at leas on map) won't give you the same options. For example when I use html, it copy the map and a link at the bottom that says Vie Larger but when I use the link with Aeva it shows the map smaller and not way to click on the map to see the full view :/

[Arantor]

I guess the version of Aeva shouldn't matter since they all use the same sitelist, but I figured I'd ask anyway...

[emmanova]

I guess the version of Aeva shouldn't matter since they all use the same sitelist, but I figured I'd ask anyway...

Ok well I do thank you for your time and explanation and your interest on my case