Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
9.10
-
Easy
-
Description
The home page embeds a YouTube video using an iframe and the HTML macro. This code was already complex and we made it even more complex when fixing XWIKI-14818: we now have Velocity code and a big technical comment with a JIRA reference. We need to simplify the wiki syntax so that we don't scare the users that edit the home page using the wiki editor or that switch to source from the WYSIWYG editor. We have this right now:
{{box cssClass="floatinginfobox"}} {{velocity}} {{html clean="false"}} ## Chrome's XSS Auditor blocks the preview action if: ## * the submitted content has an iframe with an external URL ## * the preview action displays the submitted iframe ## The workaround is to make sure the submitted content (the macro markers) don't match the preview HTML. ## See XWIKI-14818: Preview triggers ERR_BLOCKED_BY_XSS_AUDITOR in Chrome #set ($iframe = 'iframe') <$iframe src="https://www.youtube.com/embed/9QTWrZ7OfzI" allowfullscreen></$iframe> {{/html}} {{/velocity}} {{/box}}
vmassol suggested the following solutions:
- move this code in a separate technical page and use the include macro
- write an iframe rendering macro and use it on the home page
{{iframe src="https://www.youtube.com/embed/9QTWrZ7OfzI" allowfullscreen="true" class="floatinginfobox" /}}
Attachments
Issue Links
- is related to
-
XWIKI-14818 Preview triggers ERR_BLOCKED_BY_XSS_AUDITOR in chrome
- Closed
- relates to
-
XWIKI-15663 Table on Main.WebHome is missing the header
- Closed
-
XWIKI-15684 iFrames usage is discouraged by WCAG
- Closed