Hi @faou
I hope you are doing well today.
When it comes to iframe and scripts, Forminator by default removes those tags due to security reasons. However, you can use this code as a mu-plugin:
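<?php
// mu-plugin: inject an iframe into a Forminator HTML field on pages that contain a form.
if ( ! function_exists( 'wpmudev_forminator_enable_iframe' ) ) {
	function wpmudev_forminator_enable_iframe() {
		// Only print the script when the current post embeds a Forminator form.
		$form_exists = has_shortcode( get_the_content(), 'forminator_form' );
		if ( $form_exists ) {
			?>
			<script type="text/javascript">
			(($, d) => {
				$(d).ready(function() {
					// Form ID 1609 and field html-1 are examples; URL is a placeholder.
					$("#forminator-module-1609 #html-1").html('<iframe src="URL" width="100%" height="800" frameBorder="0"></iframe>');
				});
			})(jQuery, document);
			</script>
			<?php
		}
	}
	// Late priority so the script is printed after jQuery has been loaded in the footer.
	add_action( 'wp_footer', 'wpmudev_forminator_enable_iframe', 9999 );
}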
Please note that you should update the form ID (1609) and HTML-1 to your HTML field. Also, replace the URL with the correct one.
Please find more details here about how to add mu-plugin: https://wpmudev.com/docs/using-wordpress/installing-wordpress-plugins/#installing-mu-plugins
As for the ampersand issue, can you try this updated code:
<?php
// Apply the same fix to both the standard and the AJAX submit responses.
add_filter( 'forminator_form_submit_response', 'wpmudev_fix_response_url_redirect', 20, 2 );
add_filter( 'forminator_form_ajax_submit_response', 'wpmudev_fix_response_url_redirect', 20, 2 );
function wpmudev_fix_response_url_redirect( $response, $form_id ) {
	// Only touch the form with ID 6; change this to your own form ID.
	if ( $form_id != 6 ) {
		return $response;
	}
	if ( ! empty( $response['url'] ) ) {
		// Decode the redirect URL and restore the ampersands.
		$response['url'] = urldecode( $response['url'] );
		$response['url'] = str_replace( '#038;', '&', $response['url'] );
	}
	return $response;
}
Kind Regards,
Kris
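A hardened variant of the iframe injection from the first snippet above, as an added example that is not part of the original post or WPMU DEV's code: it builds the iframe with DOM APIs instead of an HTML string, accepts only an https URL on an allow-listed origin, and sets a sandbox attribute. `ALLOWED_ORIGINS`, the `embed.example.com` host, the helper names and the sandbox tokens are assumptions to adjust for the real embed.

```javascript
// Added example: hardened replacement for the inline .html('<iframe ...>') call.
// ALLOWED_ORIGINS and the embed URL are placeholders (assumptions), not real values.
const ALLOWED_ORIGINS = ['https://embed.example.com']; // hypothetical embed host

// Return the attributes for the iframe, or null if the URL must not be embedded.
function iframeAttrsFor(rawUrl, allowedOrigins = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return null; // not an absolute URL (relative, empty, malformed)
  }
  // Rejects non-https schemes and any origin that is not explicitly listed.
  if (url.protocol !== 'https:' || !allowedOrigins.includes(url.origin)) {
    return null;
  }
  return {
    src: url.href,
    width: '100%',
    height: '800',
    loading: 'lazy',
    referrerpolicy: 'no-referrer',
    // The frame may run scripts and submit forms, but gets a unique origin
    // and cannot navigate the top-level page. Add tokens only if the embed needs them.
    sandbox: 'allow-scripts allow-forms',
  };
}

// Build the element with DOM APIs so no string is ever parsed as HTML.
function mountIframe(doc, selector, rawUrl) {
  const attrs = iframeAttrsFor(rawUrl);
  const target = doc.querySelector(selector);
  if (!attrs || !target) return false;
  const frame = doc.createElement('iframe');
  for (const [name, value] of Object.entries(attrs)) {
    frame.setAttribute(name, value);
  }
  frame.style.border = '0';
  target.replaceChildren(frame);
  return true;
}

// Browser only: same target as the snippet above (form 1609, field html-1).
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () =>
    mountIframe(document, '#forminator-module-1609 #html-1', 'https://embed.example.com/widget'));
}
```

The script body can replace the jQuery call inside the `<script>` tag printed by the mu-plugin; the PHP wrapper stays the same.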
Thread Starter
FAOU
(@faou)
Thank you for your quick response! Grateful for your help!
You said that Forminator disables scripts and iframes due to security concerns. What are those concerns? I do not want to compromise our site or any others we work on, but I do not understand how allowing the creator of the form to put in scripts and iframes in the HTML fields (or HTML shown after the form submission) compromises a site’s security. I want to understand before using your code. Also, does Forminator have any plans to enable this in a future update?
Upon further research, I now think the ampersand being replaced with & is not an issue. Somehow, while learning HTML, I never learned ampersands were supposed to be escaped in attributes. I don’t even usually see HTML written like that. Apologies for my mistake.
Hi @faou,
Hope this message finds you well.
It is not only the Forminator text editor; the <iframe> tag is also removed by WordPress, because malware injections usually use this tag.
The code provided by our devs is secure to use; you should not enable any security breach on your site.
When it comes to Forminator text editor, no, our team will not allow <iframe> tags in the future.
Let us know if you require additional assistance.
Best regards,
Laura
Hello @faou 00kevin,
I hope we were able to address your query.
As we haven’t heard back from you for some time, I’ll be marking this topic as resolved for now. Please feel free to reply in case you have further questions.
Best Regards,
Dmytro