CODEWITHSUNDEEP
phpiframehtmlpurifier
NightMICU
NightMICU

Reputation: 9230

HTMLPurifier stripping out YouTube

I have been trying to configure HTMLPurifier to accept iframe for YouTube and Vimeo to no avail. Many posts related to this seem years out of date and/or simply do not work. The closest that I have been able to get is preserving the iframe but the src is stripped.

Here is what I have at the moment (iframe is removed on output). I realize this question has been asked countless times but nothing is working for me. Thanks in advance!

UPDATE

I also tried mewebstudio/Purifier, https://github.com/mewebstudio/Purifier, which even has default config settings for YouTube. The iframe is STILL being stripped. What am I missing?

// HTMLPurifier
    $config = \HTMLPurifier_Config::createDefault();

    $config->set('HTML.Doctype', 'HTML 4.01 Transitional');
    $config->set('AutoFormat.RemoveEmpty.Predicate', [
        'colgroup' =>
            [],
        'th' =>
            [],
        'td' =>
            [],
        'o:p' =>
            []
    ]);
    $config->set('AutoFormat.RemoveEmpty', true);
    $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true);
    $config->set('HTML.Allowed', 'p,span[style|class],a[href|title],abbr[title],acronym[title],b,strong,blockquote[cite],code,em,i,iframe[src|width|height],img[alt|title|class|src|height|width],h1,h2,h3,h3,ol,ul,li,table[class|style],tr,td,hr');
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', '%^(\/\/www\.youtube(?:-nocookie)?\.com\/embed\/|\/\/player\.vimeo\.com\/)%');

    $def = $config->getHTMLDefinition(true);
    $def->addAttribute('iframe', 'allowfullscreen', 'Bool');

    $purifier = new \HTMLPurifier($config);
    $input['body'] = $purifier->purify($input['body']);

Upvotes: 2

Views: 886

Answers (1)

NightMICU
NightMICU

Reputation: 9230

There were two issues with my original code. First, the regex was invalid - it did not account for http:. That was replaced with '%^(https?:)?(\/\/www\.youtube(?:-nocookie)?\.com\/embed\/|\/\/player\.vimeo\.com\/)%'

Secondly, $config->set('AutoFormat.RemoveEmpty', true); appears to be removing the iframe (which makes sense). Adding the following fixed this:

$config->set('AutoFormat.RemoveEmpty.Predicate', [
            'iframe' =>
                array (
                    0 => 'src',
                )
        ]);

Thanks to Edward Yang for his help on this!

Upvotes: 1

Related Questions