KSES and Voice Thread’s Embed Code

snapping turtle

Voice Thread’s embed code should like what you see below.

<iframe width="480" height="270" src="https://auth.voicethread.com/app/player/?threadId=7647336" frameborder="0" allowusermedia allowfullscreen allow="camera https://auth.voicethread.com; microphone https://auth.voicethread.com; fullscreen https://auth.voicethread.com;"></iframe>

For non-super admins who have iframe embed rights we were getting this instead (once the post had updated and been cleansed by our friend kses).

<iframe width="480" height="270" src="https://auth.voicethread.com/app/player/?threadId=7647336" frameborder="0"></iframe>

It still mostly worked but we needed to tweak things to let in those additional variables (allowusermedia allowfullscreen allow). You can see pieces we needed to add to the iframe array in the comments below.


add_filter( 'wp_kses_allowed_html', 'esw_author_cap_filter',1,1 );

function esw_author_cap_filter( $allowedposttags ) {


if ( !current_user_can( 'publish_posts' ) ) //we set this for authors and higher 
return $allowedposttags;

// Here add tags and attributes you want to allow

$allowedposttags['iframe']=array(

'align' => true,
'width' => true,
'height' => true,
'frameborder' => true,
'name' => true,
'src' => true,
'id' => true,
'class' => true,
'style' => true,
'scrolling' => true,
'marginwidth' => true,
'marginheight' => true,
'allowfullscreen' => true, 
'mozallowfullscreen' => true, 
'webkitallowfullscreen' => true,
'allowusermedia' => true,//*******************newly added
'allowfullscreen' => true,//*******************newly added
'allow' => true,//*******************newly added

);

$allowedposttags["object"] = array(
 "height" => array(),
 "width" => array()
);
 
$allowedposttags["param"] = array(
 "name" => array(),
 "value" => array()
);

$allowedposttags["embed"] = array(
 "type" => array(),
 "src" => array(),
 "flashvars" => array()
);


return $allowedposttags;

}