iframe tags are removed from the notes

Yiil
I have been using zotero for several years now and I used to embed, in my notes, multiple pdf that are stored online. I used this kind of html code that worked perfectly:

<iframe src="https://drive.google.com/file/d/255431vfr2zsZiNLbzcgflLxngBgffdaWFFd-FfPHvrfPrHxcc1/preview" width="640" height="480"></iframe>

<object data="oecd.org/eco/growth/NERO-22-June-2015-income-inequality-social-mobility-and-economic-growth.pdf" type="application/pdf"><iframe src="docs.google.com/viewer?url=https://www.oecd.org/eco/growth/NERO-22-June-2015-income-inequality-social-mobility-and-economic-growth.pdf&amp;embedded=true"></iframe> </object>


I just found out that, now that zotero is removing these codes.
Because there isn't any warning, I don't know how many link have have lost (zotero remove the whole code, it doesn't even keep the url).

It would be great to tell your users when you are doing such changes, not just in the changelog but in a popup in the user interface : "warning: iframe tags are no longer allowed, please review these notes that contain iframe".

We should also have a popup that tell the user that you are about to mkae this formatting change to their notes, so that no data are lost in such way (or because not everyone need to know what you are doing with the html, at least add a feature so that interested users can receive such popup).

Please fix this bug, I am probably not the only user who have lost tons of work because of that.

Also, thank you for the great job you are doing, zotero is really an amazing tool!
  • dstillman
    edited May 3, 2020
    Sorry about that, but this isn't something we changed intentionally — it's just not something that was ever intended to work. If you're editing raw HTML with a visual viewer, you should never really assume that code that isn't supported in the visual interface will work or continue to work.

    HTML sanitization is performed by the third-party note editor we use based on a set of whitelisted tags and attributes, and it's possible those became stricter at some point for security reasons. But that's not the sort of thing there would be a popup about.

    If you want to reference a PDF online, you can include a link to it in the note or add it as an attachment to the parent item.

    (Also, an iframe with Google Drive in it wouldn't work because Google Drive prevents itself from being rendered in an frame, which is a common security practice.)
  • Yiil
    Thanks a lot for your reply!

    I understand for the iframe (and yes, sorry I pasted the google iframe code by mistake, I meant only the object one).

    But what about codes like the ones below. Is there a risk that they will be sanitized in the future like the iframe tag?

    - a scroll box (so that long text takes less space): https://jsfiddle.net/zmaefpq7/

    <p>Some text</p>
    <div style="overflow: auto; resize: both; width: 510px; height: 110px; border: 1px solid; padding: 3px;">1<br />2<br />3<br />4<br />5<br />6<br />7<br />8<br />9<br />...</div>
    <p> </p>


    - a tooltip that is shown when hovering a text : https://jsfiddle.net/8j9wq20u/ (the CSS rules are part of a custom TinyMCE plugin that I add into the zotero.jar) :

    <p><span class="tooltiphovertitle">reference<span class="tooltiphovertext">Hidden text</span></span></p>



    - an anchor :

    <span><a id="'myanchorID'">&nbsp</a></span>


This is an old discussion that has not been active in a long time. Before commenting here, you should strongly consider starting a new discussion instead. If you think the content of this discussion is still relevant, you can link to it from your new discussion.

Sign In or Register to comment.