Need help? Check out our Support site, then


<iframe> workaround for Google Calendar?

  1. Hi
    I am new to wordpress.com - I know wordpress.com does not allow <iframe>, <embed>, JS, etc for security reasons. Just finished reading the other posts on the subject and the support page.

    However, I do understand that there is a whitelist for certain partner websites. I am trying to embed my Google calendar on my blog using <iframe> which naturally gets stripped by the browser and I am left with the src part (which BTW the clever software turns into ). I obviously just want the frame to display. The code is:
    <iframe src="https://www.google.com/calendar/b/0/embed?showTitle=0&amp... style=" border-width:0 " width="800" height="600" frameborder="0" scrolling="no">

    Can someone suggest a workaround or can the support please include Google Calendar on the whitelist?

    Thanks

  2. There is no "code whitelist." If they let anyone paste the code in, who is to say they don't modify it before they insert it so that it introduces a security threat? The problem is wordpress has to be in control, so that they can ensure security. In other words, they have to take access to it, and control of it, out of the user's hands.

    People have been asking for google calendar almost as long as I've been here, and it hasn't arrived, but make sure and send your request directly into staff so they can log it into their feature request system. No guarantees it will ever show up, but make sure and let them know you want it.

    http://en.support.wordpress.com/contact/

  3. Well I did email them...I guess this will remain a feature request forever!

    Agreed, wordpress has to be in control....but there should be a whitelist...or some sort of ability to take parts of the web and fit them into your own blog.

  4. A white list does no good since anyone could modify the code to do nasty things. It would have to be something that staff implemented in the backend so that they had control over it and all you were allowed to do was to enter a URL or something.

    There are simply countless examples out there where someone has taken a plugin or some code for something popular, modified the code for nefarious reasons and then offered it for download and unsuspecting people have installed it and killed their site. This happens with themes as well and the typical thing inserted into themes is malware that will try and install bad stuff on your visitor's computers.

    Sad but true.

  5. I was surprised there was not already a custom calendar widget. I sent my request in to support to consider adding this.

  6. Have you read this?

    If you are familiar with HTML, you’ll notice that codes such as embed, frame, iframe, form, input, object, textarea and others are missing from the above list. Those codes are not allowed on WordPress.com for security reasons. http://en.support.wordpress.com/code/#html-tags

Topic Closed

This topic has been closed to new replies.

About this Topic