How can I place a script in a post?

MikeOlson

I know that scripts can pose security issues but wondering if there is a way to allow admins to do it?

I have a gofundme campaign and I would like to post their embeddable widget into a topic.

Is there any way to do that?

Here is what I want to place in a topic:

<iframe class='gfm-media-widget' image='0' coinfo='0' width='100%' height='100%' frameborder='0' id='4fl7ayw'></iframe><script src='//funds.gofundme.com/js/5.0/media-widget.js'></script>

Caylus

So I would create discussion or a comment (doesn't matter what you type in there), and lookup the ID:

https://open.vanillaforums.com/discussion/34044/how-can-i-place-a-script-in-a-post#latest
^^ ID = 34044

https://open.vanillaforums.com/discussion/comment/249447/#Comment_249447
^^ ID = 249447

Then image you would like to replace those two posts with your snippet, this would be the plugin function you'd need:

    public function DiscussionController_AfterCommentFormat_handler($Sender) {
        $Type = $Sender->EventArguments['Type'];
        if ($Type === 'Discussion') {
            if($Sender->EventArguments['Discussion']->DiscussionID === 34044){
                     $Sender->EventArguments['Discussion']->FormatBody="<iframe class='gfm-media-widget' image='0' coinfo='0' width='100%' height='100%' frameborder='0' id='4fl7ayw'></iframe><script src='//funds.gofundme.com/js/5.0/media-widget.js'></script>";
            }
        } else {
            if($Sender->EventArguments['Object']->CommentID ===249447){
                     $Sender->EventArguments['Object']->FormatBody="<iframe class='gfm-media-widget' image='0' coinfo='0' width='100%' height='100%' frameborder='0' id='4fl7ayw'></iframe><script src='//funds.gofundme.com/js/5.0/media-widget.js'></script>";
            }
        }
    }

^^ With this code you and you alone can control exactly where a script is inserted. And no other script can be inserted than the script you want.

It's not the most pretty solution, but it's the safest I can think of.

MikeOlson

Interesting. Ok this might take a bit more time than I had thought. I have to head out of town for the weekend. but will take a look at this when I can. Thank you for the reply.

Caylus

To add to my answer: If you'd like to create a post like "Hey everyone check out this gofundme campaign [gofundmescript] Thanks a ton!" you can do that with this snippet:

public function replaceScriptTagWithRealScript($Body)
{
         $script="<iframe class='gfm-media-widget' image='0' coinfo='0' width='100%' height='100%' frameborder='0' id='4fl7ayw'></iframe><script src='//funds.gofundme.com/js/5.0/media-widget.js'></script>";
         $Body=str_replace('[gofundmescript]',$script,$Body);
         return $Body;
}
public function DiscussionController_AfterCommentFormat_handler($Sender) {
        $Type = $Sender->EventArguments['Type'];
        if ($Type === 'Discussion') {
            if($Sender->EventArguments['Discussion']->DiscussionID === 34044){
                     $Sender->EventArguments['Discussion']->FormatBody=replaceScriptTagWithRealScript($Sender->EventArguments['Discussion']->FormatBody);
            }
        }
        else {
            if($Sender->EventArguments['Object']->CommentID ===249447){
                     $Sender->EventArguments['Object']->FormatBody=replaceScriptTagWithRealScript($Sender->EventArguments['Object']);
            }
        }
    }

I would still include the DiscussionID/CommentID check, to make sure other people can't create posts with just "[gofundmescript][gofundmescript][gofundmescript]" (x1000)

And here's the link to the create your own plugin tutorial btw, I forgot to post it:
http://docs.vanillaforums.com/developer/plugins/quickstart/