phpregexiframeyiihtmlpurifier

Yii1 - HtmlPurifier removes allowfullscreen attribute


I am using below configuration to clean the input from user in my Yii project using its inbuilt support for HtmlPurifier

array(
        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ),
        "HTML.SafeEmbed" => true,
        'HTML.TargetBlank' => true,
        "HTML.SafeIframe" => true,
        "Filter.YouTube" => true,
        'URI.SafeIframeRegexp' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
    ),

Example:-

<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0" allowfullscreen></iframe>

Above Url when saved after purifying gets converted to below iframe code

<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0"></iframe>

How can we allow allowfullscreen attribute as safe ? Does any change in regex will solve this or need to apply a custom solution ?


Solution

  • There is already a useful link which will solve the answer.....We need to implement a custom class to allow the "allowfullscreen" attribute. This will add this attribute on purified iframe code.

    Reference http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/ Answered by Sonny HTMLPurifier iframe Vimeo and Youtube video

    Steps

    1) Include the class from above url .

    2) Set Filter.custom exactly in way shown in above url.

    Setting Html Purifier options can be in different in frameworks.