• Resolved dfuytn

    (@dfuytn)


    With the latest version, 6.5.2, that was supposed to “Fix: Sanitize custom field value before being inserted into post.” but it broke my custom field shortcode. The shortcode gets a Text Area custom field from ACF. The Text Area has HTML in it that displays a video. It has been working perfectly for several years but after the 6.5.2 update, the shortcode only shows a blank section on the website. The pages are behind a paywall so let me know if you need temp access.

Viewing 15 replies - 1 through 15 (of 15 total)
  • Thread Starter dfuytn

    (@dfuytn)

    I’ve restored version 6.5.0 and things are back working again. So something is not working in 6.5.2.

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn,

    Yes you are right and that is expected in the latest version. I have added certain security checks to strip off malicious scripts. Do you insert JS as custom field value? I’ll revisit and see how this can be handled for these usecases.

    Thanks,

    Aakash

    Thread Starter dfuytn

    (@dfuytn)

    No. Just an iframe in a div.

    Here’s what it looks like.

    <div style="position: relative; padding-top: 56.25%;"><iframe src="https://link-to-the-video?autoplay=false" loading="lazy" style="border: none; position: absolute; top: 0; height: 100%; width: 100%;" allow="accelerometer; gyroscope; autoplay; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div>

    Plugin Author vaakash

    (@vaakash)

    Got it. Let me see if I can allow basic HTML. Please expect a fix by next weekend.

    Thread Starter dfuytn

    (@dfuytn)

    Any progress?

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn,

    I understand your concern. The fix is quite complex 😅. I’m looking at the best way to handle this. Please expect a fix by this Saturday or Sunday.

    Thread Starter dfuytn

    (@dfuytn)

    Us non-developers think you should be able to fix it easily and fast.

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn,

    Can you please send me a DM on my contact form below? There are no other requests for the same fix. While I work on this I can arrange a temp workaround for you to proceed. Please send me a ping and I’ll get back to you.

    https://www.aakashweb.com/contact/

    Thanks,

    Aakash

    Martyn Chamberlin

    (@martyn-chamberlin)

    Hello,

    We similarly got a break with this 6.5.2 release. We have <input /> in a shortcode, and we use this plugin to summon those contents in a Page, and this update is stripping the input from the output. Would love to be able to get this fixed. For now we’re just having to roll back to a previous version of the plugin. Thanks!

    Martyn Chamberlin

    (@martyn-chamberlin)

    the fix is quite complex

    Might it be possible to add a setting to the plugin called something like Sanitize custom field value before being inserted into post, and have it default to true, and then we could just disable that setting if we need the original functionality?

    Thread Starter dfuytn

    (@dfuytn)

    Any progress on a fix?

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn,

    My apologies for the delay. I’m considering @martyn-chamberlin’s option to add a setting to disable this check. Please give me 1 week’s time. I will release a new version with this option on or before 9th May. Hope you understand.

    Thanks,

    Aakash

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn, @martyn-chamberlin,

    I have added an option in v6.5.3 under Shortcoder –> Settings to disable sanitization as required. Can you please upgrade to this version and enable this option?

    Thanks,

    Aakash

    Thread Starter dfuytn

    (@dfuytn)

    Works for me with Sanitation>Off

    Plugin Author vaakash

    (@vaakash)

    Hi @dfuytn,

    Thanks for confirming! Marking this as resolved.

    Thanks,

    Aakash
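
An allowlist is the middle ground between the 6.5.2 stripping and switching sanitization off entirely: keep the `div`/`iframe` markup posted above, drop everything else. The code below is an added example, not part of this thread and not Shortcoder's code; it assumes WordPress 6.2 or later, and the `example_` names, the `example_video_html` field key and the `video.example.com` host are hypothetical.

```php
<?php
// Added example. Hosts an embedded iframe may load from (placeholder value).
const EXAMPLE_EMBED_HOSTS = array( 'video.example.com' );

function example_sanitize_embed( $html ) {
	// Only these tags and attributes survive. <script>, event handlers
	// such as onload/onerror, and any tag not listed here are dropped.
	$allowed = array(
		'div'    => array( 'style' => true ),
		'iframe' => array(
			'src'             => true,
			'loading'         => true,
			'style'           => true,
			'allow'           => true,
			'allowfullscreen' => true,
		),
	);
	// The third argument limits URL schemes: anything other than https is
	// stripped from URL attributes such as src. wp_kses also filters the
	// style value through its own CSS allowlist.
	$clean = wp_kses( $html, $allowed, array( 'https' ) );

	// Second pass: an iframe may only point at an approved host.
	$tags = new WP_HTML_Tag_Processor( $clean );
	while ( $tags->next_tag( 'iframe' ) ) {
		$src  = $tags->get_attribute( 'src' );
		$host = is_string( $src ) ? wp_parse_url( $src, PHP_URL_HOST ) : null;
		if ( ! is_string( $host ) || ! in_array( strtolower( $host ), EXAMPLE_EMBED_HOSTS, true ) ) {
			// No usable https URL on an approved host: leave the frame empty.
			$tags->remove_attribute( 'src' );
		}
	}
	return $tags->get_updated_html();
}

// Hypothetical shortcode that prints the sanitized field of the current post.
add_shortcode( 'example_video_embed', function () {
	$raw = get_post_meta( get_the_ID(), 'example_video_html', true );
	return is_string( $raw ) ? example_sanitize_embed( $raw ) : '';
} );
```

With this in place a field value containing `<script>` or an `onerror` attribute renders without them, while the embed markup itself is kept.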
