Using Chtmlpurifier Safeiframe - Working

Yii version:1.1.13 (just in case it matters)

I am trying to allow YouTube iFrame code in blog posts.




//Allow HTML target attribute and YouTube iFrame

$content = $data->content;

$p = new CHtmlPurifier();

$p->options = array(

	'Attr.AllowedFrameTargets'=> array('_blank'), 

	'HTML.Allowed'=> 'p,a[href|target],strong,em,br',

	'HTML.SafeIframe'=> true,

	'URI.SafeIframeRegexp'=>'%^http://(www.youtube.com/embed/)%',

);

$content = $p->purify($content);



The YouTube iFrame code


<iframe width="560" height="315" src="http://www.youtube.com/embed/aXPP2SQuGSM?rel=0" frameborder="0" allowfullscreen></iframe>

does not get rendered into the post.

What am I doing wrong?

Thanks.

That regex is looking odd … Have you copied that from here?

After tpying around a bit: That regex is odd but working fine. Could you see if it helps to add “iframe” to the list of allowed elements? Kinda like a last straw, but hey … :rolleyes:

I have solved my problem. Since I was only allowing specific html tags with HTML.Allowed, I needed to add iframe and its attributes there as well. My working code:




	//Allow HTML target attribute and iframe for YouTube and Vimeo

	$content = $data->content;

	$p = new CHtmlPurifier();

	$p->options = array(

		'Attr.AllowedFrameTargets'=> array('_blank'), 

		'HTML.Allowed'=> 'p,a[href|target],strong,em,br,iframe[width|height|src|frameborder]',

		'HTML.SafeIframe'=> true,

		'URI.SafeIframeRegexp'=>'%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%',

	);

	$content = $p->purify($content);