Please allow iframe and oter html

  • Author
  • #591658

    I would really appreciate it if WordPress could allow iframe and other html in posts, pages and widgets. I know this is a lot to ask, but I feel I should tell WordPress my position on the issue, just in case they’re contemplating anything relating to it.

    The blog I need help with is


    *Other. Sorry.



    Are you aware of the security issues that arise with iframe use on multiuser blogging platforms like this one? Are you aware of how Javascript works on multiuser blogging platforms like this one?

    Let me explain (for those who don’t already know) why can’t allow javascript on free hosted blogs on their wpMU (multi-user blogging platform.

    Blogs are served from {name} The WordPress cookie is delivered to any site that ends in Any Javascript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.

    This means that if you can run Javascript on a hosted WordPress page, you can retrieve the login cookie from another WordPress user, and then pass it to an external site. (Generally by creating an image reference that includes the encoded login cookie.)

    This is just a basic part of the underlying technology of the web browser, and it’s required for sites like gmail, Yahoo!, and others to operate.

    There are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately), but they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity.

    This is why Livejournal, WordPress, and most other hosted sites disallow Javascript on their pages.

    If you hire a web host and get a free software install from wordpress.ORG and set up your own freestanding blog then you can use Javascript and iframes because the ONLY security that will be subject to compromise will be on your blog. There will be no security risk to any other blog.



    Now lets deal with the HTML issue you bring forward in the context of theme hacking. We blogger cannot edit themes and templates underlying themes on blogs because we are on a multiuser blogging platform. All blogs wearing the same themes are in essence using the same underlying template. Only Staff can access those theme and template files and edit them because every edit made affects all blogs wearing the same theme.

    Continuing with the HTML issue. We frequently find that those who want to insert codes they consider to be HTML are actually attempting to post affiliate links and other advertising links or e-commerce shopping cart links or other links that drive traffic to third party sites sites. As the software is programmed to strip those links out they post for help.Well, that’s because we agreed to the Terms of Service here in order to get a free hosted blog.

    No blogger initiated advertising, retailing or reselling the work created or services provided by anyone other than yourself is allowed. E-commerce transactions via shopping carts and the like cannot be conducted on wordpress.COM blogs.

    The only advertising exceptions are for high traffic blogs that qualify for and are accepted into the Ad Control program, and for extremely high traffic blogs that qualify and are accepted into the paid VIP hosting program.

    The only exceptions with regard to affiliate links are found here:

    Affiliate marketing blogs: Blogs with the primary purpose of driving traffic to affiliate programs and get-rich-quick schemes (“Make six figures from home!!”, “20 easy steps to top profits!!”, etc). This includes multi-level marketing (MLM) blogs and pyramid schemes. To be clear, people writing their own original book, movie or game reviews and linking them to Amazon, or people linking to their own products on Etsy do NOT fall into this category.

    I hope the time I invested into typing all of this benefits you and all members who read this thread.

    There are two wordpress options – free hosted ( and self hosted ( if you want to have complete control over a blog hire a web host, get a free software install and do as you wish.




    Hi, I understand your arguments. But other blogs like allow embedded HTML Code (also for free). I would love to use for my e-learning project, but if it’s not possible to embed external applications the blog will not be very interactive. I would like to embed quizzes from and interactive images from or

    How can I do this, if embedding HTML is not possible?
    The workaround is nice but not a good solution. It’s time consuming and as we know, flash is not the first choice for accessible websites and blogs.

    I see also that other web services such as and do allow custom HTML Code. Maybe you should rethink your position.



    I was able to publish a quiz from directly on my Blog via Gigya. Great thing! I think this could really be an alternative solution if you don’t want to allow embedded HTML.

    Are there other web-based applications that allow to publish content directly on via Gigya? Do you have a list of these applications? Would be great!

    Thank you!

The topic ‘Please allow iframe and oter html’ is closed to new replies.