[Resolved] iframe embed code integration with elementor

[Author]

Posts

[CaseyK4294]

Tell us what you are trying to do?

A solution that your support team helped me to find a few months ago suddenly stopped working. Trying to pull the iframe/embed code dynamically and display it using shortcode in an elementor template. Instead of the widget I was seeing before, I just see code. I tried with both elementor's text editor widget and their shortcode widget.

Is there any documentation that you are following?

This was an issue I had previously, here is a link to the thread:
https://toolset.com/forums/topic/iframe-embed-code-integration-with-elementor/

What is the link to your site?

Here's a sample page where you can see the issue:
hidden link

[Christian Cox]

Hello, I can take a closer look if you provide login credentials in the private reply fields here. It could be a conflict between Elementor and Toolset, or it could be an issue where the contents of the custom field have been corrupted somehow.

[Christian Cox]

Yes, it seems that the contents in each WYSIWYG field have been modified or corrupted somehow. You can compare the existing Text tab contents (see my screenshot) with the contents that should be present in each WYSIWYG field's text tab, per the original ticket here: https://toolset.com/forums/topic/iframe-embed-code-integration-with-elementor/#post-1784669

Note that script tags have been stripped out of the markup. My guess is that this post was edited, corrupting the script tag HTML markup in each WYSIWYG field.

In general, allowing script tags in custom field content is considered to be a security issue, since Users could theoretically add malicious JavaScript content that would be executed on the live site. So there may be some security features in play here, I would need to know more about how this post is edited. For example, if the post is edited in Forms on the front-end of the site, script tags are usually stripped out of input provided by Forms to prevent those security issues I just described.

[CaseyK4294]

Thank you, I am still looking into this on my end. It seems I ran a plugin that changed some of the header code to minify the javascript and that's what messed it up. I removed the plugin, but the issue is still there so I am continuing to research. In terms of security, the functionality of this site only allows logged in administrative staff (the owner and myself at this time) to enter information into the custom post fields. No forms are currently set up, nor will they be for this custom post type in the future.

[Christian Cox]

Okay I will stand by for your update.

[CaseyK4294]

Thank you. I am still working on this, but in the meantime, I am also wondering if there is a different way to approach embedding the widgets we want in our custom post type template.

The way we have it set up, the "Towns" custom post type includes many different custom fields, 3 of those are code for embedded widgets. Like I said in my last reply, there will be no front end forms to submit the info, only the admin team will have access to the custom fields at the backend.

Is there a different method that would be recommended, rather than using the text editor and field types shortcode in the template and having it pull the code dynamically from the wysiwyg field we have the code pulled from currently?

[Christian Cox]

The Types field shortcode system is recommended and probably the most straightforward solution. Another code-based option is to use the PHP API, I'm not sure if you're looking for something more complex here.

[CaseyK4294]

Thanks! I'll keep plugging away at it then to figure out why the code is being stripped in the custom field. I'm going to close this ticket for now while I work at it.