Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

HTMLText Iframe content 403 forbidden


2 Posts   1661 Views


30 May 2011 at 11:07am Community Member, 90 Posts

Hey. guys.

i have encounterred a strange probelm with HTMLText iframe within ss2.4.5.
Well, basically i have created a google_map_widgets for handling [google map iframes].

I have get it working on my local machine. LAMP, but once i put it onto web live server, it wont let me save the <iframe> content.

It's shown 403 forbidden.

if i am inserting anyother content even "<ifram" is fine. seems the iframe is not allowed saving to cms backend. very stange.

I do find out some suggestions, some say it could be a validator thing, so i turn off the js validator, using

HtmlEditorConfig::get('cms')->setOption('verify_html', 'false');// turn off html validation

HtmlEditorConfig::get('cms')->setOption('extended_valid_elements', "+iframe[src|width|height]");

not really works..

Just wonder why it works with my local but not live server. IS that could be a php or apache setting things that play the trick?!

Any insight will be great helpful.


parts of code listed:

   static $db=array(


   function getCMSFields(){
            return new FieldSet(
               new TextField("GoogleLocationName","Google Location Name"),
               new TextAreaField("GoogleLocationURL","Google Location URL"),
               new TextField("Street","Street"),
               new TextField("Suburb","Suburb"),
               new TextField("City","City"),
               new TextField("Country","Country"),
               new TextField("ContactNo","ContactNo"),
               new CheckBoxField('ShowBusinessDetail','Show Business Detail on this Widget')


31 May 2011 at 9:45am Community Member, 90 Posts

Well, i did find out this was coz by the apache modSecurity on the live server.
Trying to turn off the modSecurity. it works.

Also modify the line for the parrten may do the trick.