Youtube embed codes seen as 'dangerous_tags'

ozbod · March 28, 2019, 10:42am

Good morning, I am new here but thought I should ask about this. I created a new page and embedded a Youtube video using this code:

After saving this page I saw this notice in a green bar at the top of the page:
NOTICE: Grav found potential XSS issues in content: 'dangerous_tags’

I then removed the embed code and saved again and the warning had gone.

So for some reason Grav isn’t liking the embedded code.

I am using Grav v1.6.0-rc.4 - Admin v1.9.0-rc.4 with quark v2.0.0-rc.2

I hope I have given the right information.
Cheers
Dave

ozbod · March 28, 2019, 2:38pm

OK as I said I am new to Grav, but I got this one sussed:
https://getgrav.org/blog/new-xss-protection

OleVik · March 28, 2019, 5:27pm

Indeed, and it should be, even though you can disable that behavior in settings. It’s generally better that you use the YouTube-shortcode plugin.

Topic		Replies	Views
NOTICE: Grav found potential XSS issues in content: 'dangerous_tags' admin	0	1344	October 30, 2018
Grav found potential XSS issues in content: 'on_events' Support	4	556	January 19, 2024
Empty Script Tags in source code on new install Support	2	637	September 25, 2017
How to include iframe? Archive	2	2473	December 16, 2015
Grav YouTube Plugin ignores options once placed into Gantry 5 HTML particle Gantry plugins	11	1153	June 9, 2021

Youtube embed codes seen as 'dangerous_tags'

Related topics