Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

IFrame Remove Filter

502 sites Security covered
View on drupal.org

This module provides a filter for text formats that removes all iframes from content, except for those whose source URL is on a configurable whitelist. This helps prevent malicious iframe injections while still allowing trusted embeds.

IFrames are great old way to embed content of another site to yours. This also make it a good way to start a cross-site attack.

It's both good and bad thing to let your site users to add iframe in their contents. On one hand, if a users is doing "Full HTML" in their content, they would certainly want to embed iframe (YouTube, Google Maps). But if one of your users is naughty, or if your site is somehow hacked, they would want to sneak malicious iframe attack in, too.

Can we remove all the iframe(s), except the ones we trust?

That's what this module does.

It provides a filter that you may add to text formats (Full HTML, Filtered HTML). The filter will remove every iframe it found except "src" from the whitelist.

Easy to config. Easy to use.

Usage

  1. Open your site's admin interface
  2. Go to "Configruation" > "Text formats"
  3. Open "configure" of the text format that you want to apply the filter
  4. Check "iFrame removing filter"
  5. At "Filter Settings" > "iFrame removing filter", fill-in the whitelist domains. You need to put in 1 domain per line. You may use wildcard character "*" to match multiple characters
  6. Click "Save Configurations"

Activity

Total releases
3
First release
May 2025
Latest release
4 weeks ago
Releases (12 mo)
2 ▲ from 1
Maintenance
Active

Release Timeline

Releases

Version Type Release date
2.1.0 Stable Jun 18, 2026
2.1.x-dev Dev Jun 12, 2026
2.0.5 Stable May 7, 2025