Youtube embed codes seen as 'dangerous_tags'

ozbod · March 28, 2019, 10:42am

Good morning, I am new here but thought I should ask about this. I created a new page and embedded a Youtube video using this code:

After saving this page I saw this notice in a green bar at the top of the page:
NOTICE: Grav found potential XSS issues in content: 'dangerous_tags’

I then removed the embed code and saved again and the warning had gone.

So for some reason Grav isn’t liking the embedded code.

I am using Grav v1.6.0-rc.4 - Admin v1.9.0-rc.4 with quark v2.0.0-rc.2

I hope I have given the right information.
Cheers
Dave

ozbod · March 28, 2019, 2:38pm

OK as I said I am new to Grav, but I got this one sussed:
https://getgrav.org/blog/new-xss-protection

OleVik · March 28, 2019, 5:27pm

Indeed, and it should be, even though you can disable that behavior in settings. It’s generally better that you use the YouTube-shortcode plugin.

Topic		Replies	Views
NOTICE: Grav found potential XSS issues in content: 'dangerous_tags' admin	0	1246	October 30, 2018
Grav found potential XSS issues in content: 'on_events' Support	4	290	January 19, 2024
Empty Script Tags in source code on new install Support	2	580	September 25, 2017
Grav YouTube Plugin ignores options once placed into Gantry 5 HTML particle Gantry plugins	11	1046	June 9, 2021
Mediaembed plugin and youtube Archive	15	650	May 5, 2015

Youtube embed codes seen as 'dangerous_tags'

Related Topics