The site is built on Laravel 5.1, PHP 5.6.

In the admin panel I made punches for saving HTML blocks on the site (all sorts of banner codes, ad units, phones, etc.). Everything works fine and saves.

BUT! When I try to insert a video from YouTube via iframe code, the site does not save it and writes this in the logs:

[Thu Jan 07 11:11:10 2016] [error] [client 212.154.154.216] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo/07_XSS_XSS.conf"] [line "96"] [id "212280"] [rev "1"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack"] [data "Matched Data: <iframe found within ARGS:html: <p><iframe src=\\x22https://www.youtube.com/embed/kepmgixlixw?rel=0&controls=0&showinfo=0\\x22 width=\\x22754\\x22 height=\\x22200\\x22 frameborder=\\x220\\x22 allowfullscreen=\\x22allowfullscreen\\x22></iframe></p>"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "< {0,1}iframe" at ARGS:html. [hostname "e-conditer.kz"] [uri "/blocks/saqtau"] [unique_id "Vo3zbn8AAAEADKwOSKkAAAAJ"] 

That is, the iframe does not get saved. How do I get around this? I still have to add video to the site.

    1 answer

     header("X-XSS-Protection: 0"); 

    But it is better not to do this if you are not sure that the content will not be filled by you.

    • So it turns out video from YouTube cannot be added at all? - docxplusgmoon
    • It is possible. I had the same problem, and it is connected with the iframe. Try going to the YouTube website -> Shared (under the video) -> Embed, and copy not the link but the whole iframe there - Khotey Vitaliy
    • But for the video to appear, you need the entire iframe. Why do I need a link? Yes, I understand that I can add the iframe tag myself by specifying the link from YouTube. But I do not know the size of the video (width and height). To find it out, you need to make a request to the YouTube API. But that's not what I need - docxplusgmoon
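
The log line in the question shows the request being rejected by ModSecurity rule 212280, which matched `<iframe` in the request argument `html` at phase 2. The following is an added example, not part of the original thread, of a rule exclusion scoped to that one argument on that one endpoint; the rule ids 1000101 and 1000102 and the address 203.0.113.10 are constructed placeholders.

```apache
# Added example. Rule id 212280, the argument name "html" and the URI
# /blocks/saqtau come from the log line in the question. The ids 1000101 and
# 1000102 and the IP 203.0.113.10 are constructed placeholders.

# Too broad: disables the iframe check for every URL and every parameter
# on the virtual host, including forms that visitors can submit.
# SecRuleRemoveById 212280

# Scoped: stop rule 212280 from inspecting ARGS:html, and only for requests
# to the block-saving endpoint. The exclusion runs in phase 1, before the
# phase 2 rule that produced the 403, and every other rule still inspects
# the "html" argument.
SecRule REQUEST_URI "@beginsWith /blocks/saqtau" \
    "id:1000101,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=212280;ARGS:html"

# Narrower alternative (use instead of 1000101): apply the exclusion only
# when the request also comes from a known administrator address. The ctl
# action sits on the last rule of the chain, so it fires only when both
# conditions match.
# SecRule REQUEST_URI "@beginsWith /blocks/saqtau" \
#     "id:1000102,phase:1,pass,nolog,chain"
#     SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
#         "ctl:ruleRemoveTargetById=212280;ARGS:html"
```

With the exclusion in place, the `/blocks/saqtau` route accepts iframe markup from anyone who can reach it, so it should remain behind the admin panel's authentication and CSRF protection.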