Reputation: 13
I'm using HTML Purifier with the following configuration:
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$config->set('URI.DisableExternalResources', false);
$config->set('Core.RemoveInvalidImg',true);
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'p[align|style],strong,b,em,table[class|width|cellpadding],td,tr,h3,h4,h5,hr,br,u,ul,ol,li,img[src|width|height|alt|class],iframe[src|width|height|alt|class|frameborder|allowfullscreen],span[class],strike,sup,sub');
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
$purifier = new HTMLPurifier($config);
When I pass a YouTube embed code:
<iframe width="560" height="315" src="http://www.youtube.com/embed/nS8xiUlYNO0" frameborder="0" allowfullscreen></iframe>
The following occurs on output (no src):
<iframe width="560" height="315" src="" frameborder="0"></iframe>
Why is the src being removed?
Upvotes: 0
Views: 1955
Reputation: 2086
I changed the regexp to this:
%(www.youtube.com/embed)%
The regexp they gave on the site didn't seem to work. YouTube have moved to a relative protocol "//www.youtube.com/embed/123456".
Also, allowfullscreen is not a supported attribute for iframe out of the box in HTML Purifier. This might be causing a problem also.
Upvotes: 2
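Added example, not part of either post above: a standalone PHP check that runs the pattern from the question and the pattern from the answer against constructed src values with preg_match(), so you can see what each one would admit before setting it as URI.SafeIframeRegexp. It assumes the pattern is matched against the full src string; the example.test URLs and the helper name checkPatterns are made up for this illustration.

```php
<?php
// Added example: compare candidate URI.SafeIframeRegexp patterns.
// Assumption: the pattern is applied to the whole iframe src string.

$patterns = [
    'question (anchored)' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%',
    'answer (unanchored)' => '%(www.youtube.com/embed)%',
];

// Constructed sample src values; example.test is a placeholder host.
$samples = [
    'http://www.youtube.com/embed/nS8xiUlYNO0',   // src from the question
    '//www.youtube.com/embed/nS8xiUlYNO0',        // protocol-relative form
    'https://www.youtube-nocookie.com/embed/nS8xiUlYNO0',
    'https://player.vimeo.com/video/123456',
    'https://example.test/www.youtube.com/embed/nS8xiUlYNO0', // allowed text only in the path
    'https://wwwXyoutube.com/embed/x',            // "." in a pattern matches any character
];

// Hypothetical helper: returns [url => [pattern label => bool]].
function checkPatterns(array $patterns, array $samples): array
{
    $results = [];
    foreach ($samples as $url) {
        foreach ($patterns as $label => $regex) {
            $m = preg_match($regex, $url);
            if ($m === false) {
                // A malformed pattern must fail loudly, not silently reject or allow.
                throw new RuntimeException("Invalid pattern: $label");
            }
            $results[$url][$label] = ($m === 1);
        }
    }
    return $results;
}

foreach (checkPatterns($patterns, $samples) as $url => $row) {
    echo $url, PHP_EOL;
    foreach ($row as $label => $ok) {
        printf("  %-22s %s%s", $label, $ok ? 'allowed' : 'rejected', PHP_EOL);
    }
}
```

A pattern without the leading `^`, the scheme and `//` prefix, and escaped dots accepts any src that merely contains the allowed text, so check each candidate against values like these before deploying it.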