Title: Allow editor to use IFRAME code only but disable javascript code?
Last modified: June 28, 2024

---

# Allow editor to use IFRAME code only but disable javascript code?

 *  Resolved [Eggy](https://wordpress.org/support/users/zearth/)
 * (@zearth)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/allow-editor-to-use-iframe-code-only-but-disable-using-javascript/)
 * Hi guys, is there a way to implement this rule where a user is allowed only to
   use IFRAME (for embeds) but JavaScript code is disabled/stripped? When I enable
   this in the capabilities, it also allows them to use JavaScript code.
 * TIA
    -  This topic was modified 1 year, 10 months ago by [Eggy](https://wordpress.org/support/users/zearth/).

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Nicolas Langle](https://wordpress.org/support/users/nlangle/)
 * (@nlangle)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/allow-editor-to-use-iframe-code-only-but-disable-using-javascript/#post-17856434)
 * Hi [@zearth](https://wordpress.org/support/users/zearth/),
 * Can you provide more context, please? If you are talking about the embed block,
   it only takes a valid URL as an argument. Are you talking about the script inside
   the iframe generated by the embed block? If it is that, you will have to add a
   filter on the embed block to add a [sandbox](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox)
   attribute to the iframe.
 *  Thread Starter [Eggy](https://wordpress.org/support/users/zearth/)
 * (@zearth)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/allow-editor-to-use-iframe-code-only-but-disable-using-javascript/#post-17857739)
 * I want our editors to be able to embed `<iframe>` code only in the post editor.
   We don’t want them to post JavaScript code like `<script>codes</script>`.
   This way, the content being pushed to the frontend will allow them to use only
   iframes and no JavaScript embed code in the editor content.
 *  Thread Starter [Eggy](https://wordpress.org/support/users/zearth/)
 * (@zearth)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/allow-editor-to-use-iframe-code-only-but-disable-using-javascript/#post-17857897)
 * I found an alternative solution; here is my temp solution to prevent JavaScript
   code from being inserted by non-administrators.
 *     ```php
       // Escape <script> tags in post content saved by non-administrators.
       function filterjs( $data, $postarr, $unsanitized_postarr ) {
           $user = wp_get_current_user();

           // Administrators keep their content unchanged.
           if ( in_array( 'administrator', (array) $user->roles, true ) ) {
               return $data;
           }

           // Case-insensitive, so variants such as <SCRIPT are escaped too.
           $postcontent = $data['post_content'];
           $postcontent = str_ireplace( '<script', '&lt;script', $postcontent );
           $postcontent = str_ireplace( '</script>', '&lt;/script&gt;', $postcontent );
           $data['post_content'] = $postcontent;

           return $data;
       }
       add_filter( 'wp_insert_post_data', 'filterjs', 10, 3 );
       ```
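
The same restriction built on WordPress's own KSES filtering, combined with the sandbox attribute suggested in the first reply. This is an added example, not code from the thread; the `example_*` function names, the single-site install and the sandbox token list are assumptions.

```php
<?php
// Added example; function names prefixed example_ are hypothetical.
// Assumes a single-site install (where editors hold unfiltered_html by
// default) and that this file is a plugin's main file.

// 1. Remove unfiltered_html from editors so their post content is run
//    through KSES on save. KSES drops <script>, on* attributes and
//    javascript: URLs. Capabilities persist in the database, so do it once.
function example_restrict_editors() {
	$role = get_role( 'editor' );
	if ( $role ) {
		$role->remove_cap( 'unfiltered_html' );
	}
}
register_activation_hook( __FILE__, 'example_restrict_editors' );

// 2. Put <iframe> back on the allowlist for post content, with only the
//    attributes an embed needs. srcdoc is left out on purpose: it carries
//    inline HTML, scripts included.
function example_allow_iframe( $tags, $context ) {
	if ( 'post' === $context ) {
		$tags['iframe'] = array(
			'src'             => true,
			'width'           => true,
			'height'          => true,
			'title'           => true,
			'loading'         => true,
			'allow'           => true,
			'allowfullscreen' => true,
		);
	}
	return $tags;
}
add_filter( 'wp_kses_allowed_html', 'example_allow_iframe', 10, 2 );

// 3. At render time, force a sandbox attribute onto every iframe in the
//    content (the suggestion in the first reply). The token list is an
//    assumption that suits typical video embeds; tighten it where possible.
//    WP_HTML_Tag_Processor requires WordPress 6.2 or later.
function example_sandbox_iframes( $content ) {
	$tags = new WP_HTML_Tag_Processor( $content );
	while ( $tags->next_tag( 'iframe' ) ) {
		$tags->set_attribute( 'sandbox', 'allow-scripts allow-same-origin allow-presentation' );
	}
	return $tags->get_updated_html();
}
add_filter( 'the_content', 'example_sandbox_iframes', 20 );
```

Step 2 applies to every role whose content is filtered in the `post` context, so authors and contributors can save iframes as well. A sandbox that grants both `allow-scripts` and `allow-same-origin` only constrains frames served from a different origin than the site.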
   


The topic ‘Allow editor to use IFRAME code only but disable javascript code?’ is
closed to new replies.

## Tags

 * [capabilities](https://wordpress.org/support/topic-tag/capabilities/)

 * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
 * 3 replies
 * 2 participants
 * Last reply from: [Eggy](https://wordpress.org/support/users/zearth/)
 * Last activity: [1 year, 10 months ago](https://wordpress.org/support/topic/allow-editor-to-use-iframe-code-only-but-disable-using-javascript/#post-17857897)
 * Status: resolved

