Entretoize

Reputation: 2251

URI.SafeIframeRegexp doesn't allow YouTube video with HTMLPurifier

I'm trying to allow YouTube videos with HTMLPurifier with this code:

require_once __DIR__ . '/lib/HTMLPurifier/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('URI.AllowedSchemes', array('data' => true)); // allow base64 images
$config->set('HTML.MaxImgLength', null); // allow dimensions in %
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%.+%'); // allow everything to test
$config->set('HTML.Trusted', true); // trying
$config->set('HTML.SafeObject', true); // also trying that

$purifier = new HTMLPurifier($config);
$html = $purifier->purify($html);

But the iframes are saved without src.

Upvotes: 0

Views: 391

Answers (1)

pinkgothic

Reputation: 6179

URI.AllowedSchemes is a whitelist, which you're overwriting to include only the data schema here:

$config->set('URI.AllowedSchemes', array('data' => true));

To be able to use YouTube URLs, you'll want to add https to the array at the very least.

For what it's worth, the default whitelist is:

array (
  'http' => true,
  'https' => true,
  'mailto' => true,
  'ftp' => true,
  'nntp' => true,
  'news' => true,
  'tel' => true,
)

Remember to remove these settings again, too:

$config->set('HTML.Trusted', true);
$config->set('HTML.SafeObject', true);

And tighten up your regex for URI.SafeIframeRegexp.

Upvotes: 1
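
The configuration from the question with the answer's three changes applied, as an added example that is not code from either poster or from the HTMLPurifier project. The `buildPurifier()` helper name, the exact regexp and the sample HTML (including the `VIDEO_ID` placeholder and the `example.org` iframe used for comparison) are assumptions; the include path is the one from the question.

```php
<?php
// Added example; include path taken from the question, sample HTML is constructed.
require_once __DIR__ . '/lib/HTMLPurifier/HTMLPurifier.auto.php';

/**
 * Build a purifier that permits YouTube embeds and base64 images.
 * buildPurifier() is a hypothetical helper name, not part of HTMLPurifier.
 */
function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // URI.AllowedSchemes replaces the default whitelist, so list every
    // scheme that is still needed: https for the embeds, data for images.
    $config->set('URI.AllowedSchemes', array(
        'http'   => true,
        'https'  => true,
        'mailto' => true,
        'data'   => true,
    ));
    $config->set('HTML.MaxImgLength', null); // allow dimensions in %

    // Iframes are only permitted when HTML.SafeIframe is on and the src
    // matches URI.SafeIframeRegexp. Anchor the pattern to the embed path
    // instead of the catch-all '%.+%' used for testing.
    $config->set('HTML.SafeIframe', true);
    $config->set(
        'URI.SafeIframeRegexp',
        '%^https://www\.youtube(?:-nocookie)?\.com/embed/%'
    );

    // HTML.Trusted and HTML.SafeObject are left at their defaults (off).
    return new HTMLPurifier($config);
}

// Constructed sample input: one YouTube embed, one iframe from another host.
$html = '<p>Video:</p>'
      . '<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>'
      . '<iframe src="https://example.org/widget"></iframe>';

echo buildPurifier()->purify($html), PHP_EOL;
```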
