1 Reply Latest reply on Aug 21, 2017 11:18 PM by gsvivek

    Video embedding code getting ripped off

    drishti

      Hello Team,

       

      Greetings for the day!

       

      We use a thrid party vendor Brightcove to upload our video, and we embed those codes generated through its inbuilt players. We are facing an issue with these video embedding codes Just to elaborate the case, we are trying to embed the
      videos on our ZSpace pages (Jive Platform). We have tested three different variations of the code. Every time we paste the code in HTML editor and save the page, it goes blank. The code registers only the style code and rest of the code is stripped out.

       

      Only below mentioned strikethrough codes get ripped out everytime we same the page:

       

      New players:

      Standard

       

      <div style="display: block; position: relative; max-width: 100%;"><div style="padding-top: 56.25%;"><iframe src="//players.brightcove.net/1253616341001/Nyg4cqIpe_default/index.html?videoId=5116785175001"

      allowfullscreen

      webkitallowfullscreen

      mozallowfullscreen

      style="width: 100%; height: 100%; position: absolute; top: 0px; bottom: 0px; right: 0px; left: 0px;"></iframe></div></div>

       

       

      Advanced

       

      <div style="display: block; position: relative; max-width: 100%;"><div style="padding-top: 56.25%;"><video data-video-id="5116785175001"

      data-account="1253616341001"

      data-player="Nyg4cqIpe"

      data-embed="default"

      data-application-id

      class="video-js"

      controls

      style="width: 100%; height: 100%; position: absolute; top: 0px; bottom: 0px; right: 0px; left: 0px;"></video>

      <script src="//players.brightcove.net/1253616341001/Nyg4cqIpe_default/index.min.js"></script></div></div>

       

       

      Old player (Javascript code)

       

      <!-- Start of Brightcove Player -->

      <div style="display:none">

      </div>

      <!--
      By use of this code snippet, I agree to the Brightcove Publisher T and C
      found at https://accounts.brightcove.com/en/terms-and-conditions/.
      -->

      <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>

      <object id="myExperience5116785175001" class="BrightcoveExperience">
        <param name="bgcolor" value="#FFFFFF" />
        <param name="width" value="576" />
        <param name="height" value="324" />
        <param name="playerID" value="4160542144001" />
        <param name="playerKey" value="AQ~~,AAABI-FbUAk~,h1q9mwfMzw3iriFeESjyiEoCctQK7T8F" />
        <param name="isVid" value="true" />
        <param name="isUI" value="true" />
        <param name="dynamicStreaming" value="true" />
       
        <param name="@videoPlayer" value="5116785175001" />
      </object>

      <!--
      This script tag will cause the Brightcove Players defined above it to be created as soon
      as the line is read by the browser. If you wish to have the player instantiated only after
      the rest of the HTML is processed and the page load is complete, remove the line.
      -->
      <script type="text/javascript">brightcove.createExperiences();</script>

      <!-- End of Brightcove Player -->

       

       

      Can you please see why this code is getting ripped off. Let us know if we are missing anything.

       

      Regards,

      Drishti

        • Re: Video embedding code getting ripped off
          gsvivek

          This is most probably due to the HTML filter that is enabled which would filter out HTML tags that can be used for malicious intent. Goto admin console --> Spaces --> Settings --> Filters and Macros --> HTML filter. In the HTML filter settings, look for "List of Tags to be removed". This would have iFrame and script tags mentioned. You can remove iFrame from this set which would allow your content to have iFrame. However, please note that this would mean any user of yours, creating content can embed iframes which might introduce XSS and/ or other security issues and so you should definitely not remove the script tag from the list. The alternative is to embed the script as part of your theme file either in header (if its used in multiple places) or specific to the content and then use the object tag within your content.