iframe Error problem

richam · 2019-12-13 20:00:54

Just more troubleshooting information. When I tried to update an album that used "onclick" to open a new window, I got the same error as I did when using iframe.

Please take it as a bug report; not looking for reply.

rod barbee · 2019-12-13 21:55:25

Ben, here’s a link to the post discussing the error that appears when updating an album that has iframe code in a content area:
http://community.theturninggate.net/vie … 620#p62620

rod barbee · 2019-12-13 22:00:31

Mike,
Not sure if I asked this already, but are you using the most current Publisher plugin?
You can download it from your Backlight Modules Page?

richam · 2019-12-14 16:03:25

Rod, Yes. Latest plugin downloaded and installed.

Ben · 2019-12-16 06:22:50

Can you post the onclick code here.

FWIW, copy fields were only ever designed for copy, not complex markup and JavaScript. I will have a look to see whether there’s anything in our code that can enable this but I can’t promise anything.

Can you see whether the Publisher entry within the LR plugin manager shows any errors immediately after seeing this issue? Also if you can find the ttg.log file in the Documents directory of you Mac immediately after seeing the error, and email it to me?

Matthew · 2019-12-16 07:03:42

FWIW, Lightroom has never been good at passing code through its metadata fields, and we've forever discouraged users trying to do this, specifically because it is not reliable. We can attempt to make certain allowances as we're able, but at the end of the day, Lightroom does what Lightroom does, and ¯\_(ツ)_/¯ ...

If at all possible, I advise trying to work out a more hardened solution, hopefully via PHPlugins. This is something that both you (the user) and we (the developers) have greater control over.

Ben · 2019-12-16 13:17:40

Looking into this, this looks to be a server issue. Perhaps a security layer that is balking at receiving submissions that contain JS and iframes, which could be construed as a cross-site scripting attack. Are you running a security layer on your server, such as mod_security? If so, can you look for errors in the security logs, or if you're able to, temporarily disable the security service.

On that, who are you hosting with?

Note that we only classify something as a bug after triaging it. A failure on your setup doesn't necessarily make it a bug in our code. As this can't be replicated by others then that does seem to be the case. It works without issue with me, using LR on a Mac.

As Matt has suggested, we strongly recommend other approaches when trying to add code to pages, irrespective of the cause of this particular problem.

richam · 2019-12-16 17:06:41

Ben wrote:

Can you post the onclick code here.

richam · 2019-12-16 17:18:47

Ben wrote:

Looking into this, this looks to be a server issue. Perhaps a security layer that is balking at receiving submissions that contain JS and iframes, which could be construed as a cross-site scripting attack. Are you running a security layer on your server, such as mod_security? If so, can you look for errors in the security logs, or if you're able to, temporarily disable the security service.
On that, who are you hosting with?
Note that we only classify something as a bug after triaging it. A failure on your setup doesn't necessarily make it a bug in our code. As this can't be replicated by others then that does seem to be the case. It works without issue with me, using LR on a Mac.
As Matt has suggested, we strongly recommend other approaches when trying to add code to pages, irrespective of the cause of this particular problem.

I use BlueHost and as far as I know, no security layer. Perhaps you could advise me how to double check it.
I'm a user, not a developer, so sorry for my mis-use of the term "bug." Just assume I meant anomaly.
I got around the iframe anomaly with php and help from Rod and Daniel. Much appreciated.

Ben · 2019-12-16 21:21:13

Thanks. The key point here seems to be Bluehost. It is rejecting the requests with iframes and onclick in the contents. I've been able to replicate it with my own Bluehost account. It's likely to be a security layer called mod_security. This intercepts requests on the server before they reach Backlight. I haven't yet found a way to disable mod_security, to verify that it's the cause.

richam · 2019-12-17 00:21:10

Ben wrote:

Thanks. The key point here seems to be Bluehost. It is rejecting the requests with iframes and onclick in the contents. I've been able to replicate it with my own Bluehost account. It's likely to be a security layer called mod_security. This intercepts requests on the server before they reach Backlight. I haven't yet found a way to disable mod_security, to verify that it's the cause.

Strange that it generates an error if publishing via LR, but with Backlight publisher in a browser, no error.

rod barbee · 2019-12-17 00:53:47

richam wrote:

Ben wrote:
Can you post the onclick code here.
<html>
<a onclick="window.open(this.href); return false;" href="http://www.michaelrichardsphotography.com/galleries/personal/shs1957/"><i class="icon-external-link"></i>
</html>

the anchor tag needed closing and the <html> tags are not needed, but after changing those, the code works for me. I'm on Bluehost as well.

this code is working for me:

<a onclick="window.open(this.href); return false;" href="http://www.michaelrichardsphotography.com/galleries/personal/shs1957/">external link</a>

richam · 2019-12-17 01:43:44

Rod,
The onclick had been working ok on my site (with the closing </a> which I inadvertently omitted here). I had published it about 2 years ago from the LR plugin. Everything fine until I recently tried to publish a photo update through LR plugin. That's when I got the error. It seems the old LR and plugin versions were more tolerant of code in the text content blocks. It's only with the latest versions of LR Classic and the plugin that I get the errors.

rod barbee · 2019-12-17 02:21:01

I’ve got the latest LR Classic as well as the TTG Publisher. (On Windows 10)
I’ve added the code in the LR Publisher copy area, made changes to images and added images and have not had any errors.
This is really strange.

richam · 2019-12-17 02:27:52

Rod, I just tried publishing your onclick code in a test album. After about 4-5 seconds, it came back:

"Can’t rename the published collection.
Error performing function. (Code: 406)"

rod barbee · 2019-12-17 02:32:57

must be that mod_security thing Ben was talking about

Matthew · 2019-12-17 03:47:28

So the point of the thing is just to open the link in a new window. Try instead:

<a href="..." target="_blank" rel="noopener">...</a>

richam · 2019-12-17 16:35:44

Matthew wrote:

So the point of the thing is just to open the link in a new window. Try instead:
<a href="..." target="_blank" rel="noopener">...</a>

Thanks for the code idea, it seems to work. But the actual point was why iframe and onclick won't publish via the LR plugin, but will publish OK using Backlight publisher in a browser. I have trouble getting my head around this -- how can this be a BlueHost problem? Maybe it can, but I can't see it.

Ben · 2019-12-17 21:14:54

richam wrote:

Matthew wrote:
So the point of the thing is just to open the link in a new window. Try instead:
<a href="..." target="_blank" rel="noopener">...</a>
Thanks for the code idea, it seems to work. But the actual point was why iframe and onclick won't publish via the LR plugin, but will publish OK using Backlight publisher in a browser. I have trouble getting my head around this -- how can this be a BlueHost problem? Maybe it can, but I can't see it.

The clients are two different technologies. Lightroom submits the form data in a different way to how a web form does. LR submits parameters as a JSON object with a checksum produced from the API Key and contents of the JSON object. The web is just a form submission. Two approaches, one of which seems to get past whatever mechanisms Bluehost has in place, one of them that doesn't.
At this point this is bordering on a won't-fix status. An edge case on one host with contents that the fields are not intended for when we provide a more robust and better-suited approach in PHPlugins.

Community @ The Turning Gate

#1 2019-12-13 20:00:54

iframe Error problem

#2 2019-12-13 21:55:25

Re: iframe Error problem

#3 2019-12-13 22:00:31

Re: iframe Error problem

#4 2019-12-14 16:03:25

Re: iframe Error problem

#5 2019-12-16 06:22:50

Re: iframe Error problem

#6 2019-12-16 07:03:42

Re: iframe Error problem

#7 2019-12-16 13:17:40

Re: iframe Error problem

#8 2019-12-16 17:06:41

Re: iframe Error problem

#9 2019-12-16 17:18:47

Re: iframe Error problem

#10 2019-12-16 21:21:13

Re: iframe Error problem

#11 2019-12-17 00:21:10

Re: iframe Error problem

#12 2019-12-17 00:53:47

Re: iframe Error problem

#13 2019-12-17 01:43:44

Re: iframe Error problem

#14 2019-12-17 02:21:01

Re: iframe Error problem

#15 2019-12-17 02:27:52

Re: iframe Error problem

#16 2019-12-17 02:32:57

Re: iframe Error problem

#17 2019-12-17 03:47:28

Re: iframe Error problem

#18 2019-12-17 16:35:44

Re: iframe Error problem

#19 2019-12-17 21:14:54

Re: iframe Error problem

Board footer