Yii Framework Forum: Using Chtmlpurifier Safeiframe - Working - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Using Chtmlpurifier Safeiframe - Working How do I allow YouTube? Rate Topic: -----

#1 User is offline   joev 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 21-December 11
  • Location:NYC

Posted 21 February 2013 - 04:31 PM

Yii version:1.1.13 (just in case it matters)

I am trying to allow YouTube iFrame code in blog posts.

//Allow HTML target attribute and YouTube iFrame
$content = $data->content;
$p = new CHtmlPurifier();
$p->options = array(
	'Attr.AllowedFrameTargets'=> array('_blank'), 
	'HTML.Allowed'=> 'p,a[href|target],strong,em,br',
	'HTML.SafeIframe'=> true,
	'URI.SafeIframeRegexp'=>'%^http://(www.youtube.com/embed/)%',
);
$content = $p->purify($content);


The YouTube iFrame code
<iframe width="560" height="315" src="http://www.youtube.com/embed/aXPP2SQuGSM?rel=0" frameborder="0" allowfullscreen></iframe>
does not get rendered into the post.

What am I doing wrong?

Thanks.
0

#2 User is offline   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,222
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 21 February 2013 - 04:51 PM

That regex is looking odd ... Have you copied that from here?
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#3 User is offline   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,222
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 21 February 2013 - 05:03 PM

After tpying around a bit: That regex is odd but working fine. Could you see if it helps to add "iframe" to the list of allowed elements? Kinda like a last straw, but hey ... :rolleyes:
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#4 User is offline   joev 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 21-December 11
  • Location:NYC

Posted 21 February 2013 - 05:33 PM

I have solved my problem. Since I was only allowing specific html tags with HTML.Allowed, I needed to add iframe and its attributes there as well. My working code:
	//Allow HTML target attribute and iframe for YouTube and Vimeo
	$content = $data->content;
	$p = new CHtmlPurifier();
	$p->options = array(
		'Attr.AllowedFrameTargets'=> array('_blank'), 
		'HTML.Allowed'=> 'p,a[href|target],strong,em,br,iframe[width|height|src|frameborder]',
		'HTML.SafeIframe'=> true,
		'URI.SafeIframeRegexp'=>'%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%',
	);
	$content = $p->purify($content);

0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users