Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

HTMLText Iframe content 403 forbidden

Go to End

2 Posts   3047 Views


Community Member, 90 Posts

30 May 2011 at 11:07am

Hey. guys.

i have encounterred a strange probelm with HTMLText iframe within ss2.4.5.
Well, basically i have created a google_map_widgets for handling [google map iframes].

I have get it working on my local machine. LAMP, but once i put it onto web live server, it wont let me save the <iframe> content.

It's shown 403 forbidden.

if i am inserting anyother content even "<ifram" is fine. seems the iframe is not allowed saving to cms backend. very stange.

I do find out some suggestions, some say it could be a validator thing, so i turn off the js validator, using

HtmlEditorConfig::get('cms')->setOption('verify_html', 'false');// turn off html validation

HtmlEditorConfig::get('cms')->setOption('extended_valid_elements', "+iframe[src|width|height]");

not really works..

Just wonder why it works with my local but not live server. IS that could be a php or apache setting things that play the trick?!

Any insight will be great helpful.


parts of code listed:

static $db=array(


function getCMSFields(){

return new FieldSet(

new TextField("GoogleLocationName","Google Location Name"),

new TextAreaField("GoogleLocationURL","Google Location URL"),

new TextField("Street","Street"),

new TextField("Suburb","Suburb"),

new TextField("City","City"),

new TextField("Country","Country"),

new TextField("ContactNo","ContactNo"),

new CheckBoxField('ShowBusinessDetail','Show Business Detail on this Widget')




Community Member, 90 Posts

31 May 2011 at 9:45am

Well, i did find out this was coz by the apache modSecurity on the live server.
Trying to turn off the modSecurity. it works.

Also modify the line for the parrten may do the trick.