extended and invalid elements for tinymce

[Denis-de-Bernardy]

I've this code, which currently resides in a plugin:

add_filter('tiny_mce_before_init', array('sem_fixes', 'tiny_mce_config'));
function tiny_mce_config($o) {
	# http://forum.semiologic.com/discussion/4807/iframe-code-disappears-switching-visualhtml/
	# http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements#Full_XHTML_rule_set
	# assume the stuff below is properly set if they exist already
	
	if ( current_user_can('unfiltered_html') )
	{
		if ( !isset($o['extended_valid_elements']) )
		{
			$elts = array();
			
			$elts[] = "iframe[align<bottom?left?middle?right?top|class|frameborder|height|id"
				. "|longdesc|marginheight|marginwidth|name|scrolling<auto?no?yes|src|style"
				. "|title|width]";

			$elts = implode(',', $elts);

			$o['extended_valid_elements'] = $elts;
		}
	}
	else
	{
		if ( !isset($o['invalid_elements']) )
		{
			$elts = array();

			$elts[] = "iframe";
			$elts[] = "script";
			$elts[] = "form";
			$elts[] = "input";
			$elts[] = "button";
			$elts[] = "textarea";

			$elts = implode(',', $elts);

			$o['invalid_elements'] = $elts;
		}
	}
	
	return $o;
} # tiny_mce_config()

basically, users were complaining about being enable to insert an iframe in TinyMCE -- among many other things. shouldn't the above two be default settings?

if so, just let me know and I'll write the patch. if not, please close as invalid/wontfix.

[azaozz]

Many users copy and paste content from web pages and that usually inserts a number of html tags and styling without them realizing it (depending on the browser). Since the <iframe> has some security risks, better to enable it only for users that require it (via a plugin).

Also <iframe> is invalid in both HTML 4.1 Strict and XHTML 1.0 Strict and many themes use the strict DTD.

We can match the restrictions from kses in invalid_elements for non-admin users, although it would probably bring some "the editor mangles my code" complains.

[azaozz]

Seems plugin material.