Wp-calypso: Gutenberg: Adding <iframe> code in Custom HTML block successfully displays in block preview on plans where <iframe> is not allowed

Created on 24 Mar 2019 · 7 Comments · Source: Automattic/wp-calypso

As documented in https://en.support.wordpress.com/code/

The following tags are stripped from post_content on save for WordPress.com simple sites:

  • embed
  • frame
  • iframe
  • form
  • input
  • object
  • textarea

The block editor is not aware of this limitation, and does not show any warnings. This is a confusing user experience, so we should add a nudge or provide an appropriate human-readable error.

Steps to reproduce

  1. Edit a post or page using Gutenberg on simple sites, where <iframe> code is not allowed
  2. Add the Custom HTML block and add some <iframe> code, like: <iframe src="https://staticresource.com" width="300" height="300"></iframe>
  3. Click the "preview" button on the block

What I expected

For the preview to either show an error message, show the code itself, or be blank, as the code will not work on the site

What happened instead

The preview successfully shows the embedded content, inaccurately leading the user to believe the code will work on their site

Screenshot / Video

https://cld.wthms.co/cry30i

Context / Source

Reported in #1902396-zen

[Goal] Gutenberg [Type] Bug
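
One way the editor-side warning requested in the issue above could be computed, as an added example that is not part of the original issue or of wp-calypso's code. The helper names `findStrippedTags` and `strippedTagsNotice` and the notice wording are hypothetical; the tag list is the one quoted in the issue.

```javascript
// Added example: tags the issue lists as stripped from post_content on save
// for WordPress.com simple sites.
const STRIPPED_TAGS = new Set([
  'embed', 'frame', 'iframe', 'form', 'input', 'object', 'textarea',
]);

// Hypothetical helper: returns the sorted, de-duplicated list of tags in
// `html` that would be stripped on save. This only drives a UI warning;
// the server-side filter remains the actual enforcement point.
function findStrippedTags(html) {
  // Ignore HTML comments so commented-out markup does not trigger a warning.
  const withoutComments = html.replace(/<!--[\s\S]*?-->/g, '');
  const found = new Set();
  // Match opening tag names case-insensitively, e.g. "<IFRAME" or "<iframe src=...".
  // The greedy name match means "<inputs" or "<iframe-x" is read as a different tag.
  const openTag = /<([a-z][a-z0-9-]*)/gi;
  let match;
  while ((match = openTag.exec(withoutComments)) !== null) {
    const name = match[1].toLowerCase();
    if (STRIPPED_TAGS.has(name)) found.add(name);
  }
  return [...found].sort();
}

// Hypothetical helper: builds the notice text, or null when nothing is stripped.
function strippedTagsNotice(html) {
  const tags = findStrippedTags(html);
  if (tags.length === 0) return null;
  const list = tags.map((t) => `<${t}>`).join(', ');
  return `This block contains ${list}, which will be removed when the post is saved on this plan.`;
}

// Constructed sample input, based on the snippet in the reproduction steps.
const sample =
  '<iframe src="https://staticresource.com" width="300" height="300"></iframe>';
console.log(strippedTagsNotice(sample));
```

A check like this belongs next to the block preview so the notice appears before the user saves; it is advisory only and does not replace the save-time stripping.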

All 7 comments

Just a note, I did some further testing and the same case is happening for other types of disallowed code like <form> as well.

where