No announcement yet.

Creating BBCode for iFrame

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Creating BBCode for iFrame


    I'm new to managing a vBulletin (4.1.x) forum, so bear with me. I've tried to search the forums, but haven't found exactly what I need.

    What I'd like to do is create a custom BB code to allow my users to input an iFrame for Microsoft Office WebApps. I'd rather not turn on HTML by default though.

    An example of a WebApp iFrame is:
    <iframe src="!260&AllowInteractivity=False" width="402" height="346" frameborder="0" scrolling="no"></iframe>
    Ideally, I'd like the users to copy in the src portion only. Is this an easy thing to do? I guess my concern here is that I don't want users to be able to hack the site via inserting a non-microsoft iFrame.

    I'm curious as to thoughts and guidance here.

    Ken Puls, CMA, MS MVP (Excel)

  • #2
    You won't be able to limit it to Microsoft sites without some custom coding. We cannot officially support code modifications or forums running modified code, however you can try searching or asking for help with this over at


    • #3
      Thanks Trevor. I figured that would probably be the answer, but had to ask.
      Ken Puls, CMA, MS MVP (Excel)


      • #4
        I don't see why it would need "custom coding" - BB Codes are a default part of vBulletin.

        You are very right to not want your users to be able to enter an arbitrary URL for an iframe, it's a major security concern.

        You would make an BB Code with a replacement something like:

        <iframe src="{param}&AllowInteractivity=False" width="402" height="346" frameborder="0" scrolling="no"></iframe>
        And they would enter something like:


        As the bb code on in a post.

        Even that though isn't perfect, ideally BB Code parameters are enclosed in quotes- you will get a warning when saving them if they are not. A skilled user could figure out how to enter arbitrary html code into the bb code, but it is unlikely.


        • #5
          Thanks for that, BirdOPrey5. I should have posted back that I worked that out last night. (Actually, I came up with the exact same as you.)

          It's a real shame that we can't use php inside the BBCode setup. The challenge I've got is that Microsoft forces us to copy the entire iframe code out, so my users will have to copy/paste the whole thing, then cut it down before submitting it in a tag. If we were allowed to use php inside the tag setup, I'm sure I could work out a way to parse the entire iframe supplied to pull out just what I wanted. My thought process is that ideally I would:
          • Have the user enter the entire iframe code between the tags
          • Have the BBCode (using php)
            • Replace all < with | characters (or something) to screw up any additional markup inserted
            • Grab everything between su- and &Al
          I don't think the php to do this would be too difficult to write, and it wouldn't require modifying any of the standard vbulletin files.

          Regardless, it looks like that's a non-starter for now.

          Trevor, is there an open forum for suggestions for future versions? With the robustness of web controls increasing, I think that validation of links is going to become even more important as time goes on. We really need a mechanism to be able to do this.
          Ken Puls, CMA, MS MVP (Excel)


          • #6
            What you talk about is certainly something that could be done with the use of a plugin and a regular expression to match and replace iframe code with an embedded iframe, but that would be modifying vBulletin and best talked about on