SafeIframe not working for me Hi, Thanks for HTMLPurifier! I've been trying to get iframes to go through but haven't been successful. Here's a snippet of the code: $CI =& CI_Base::get_instance(); $CI->load->library('HTMLPurifier'); $oConfig = HTMLPurifier_Config::createDefault(); $oConfig->set('Cache', 'SerializerPath', rtrim($CI->config->item('cache_path'), "/")); $oConfig->set('HTML', 'DefinitionRev', 3); // Increment this number if you change any configs so that the cache is refreshed $oConfig->set('HTML.SafeIframe', true); /* $oConfig->set('URI.IframeWhitelistRegexp', array( '/^https?:\/\/www\.youtube\.com\/embed\/[a-zA-Z0-9]+$/', '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+$/' ));*/ $oConfig->set('URI.IframeWhitelistRegexp', array('%%')); I incremented DefinitionRev as instructed. I'm loading it with CodeIgniter. And you can see my commented-out attempt at a whitelist. Thanks so much for any help! http://htmlpurifier.org/phorum/read.php?3,6224,6224#msg-6224 Tue, 21 May 2013 20:57:20 -0400 Phorum 5.2.18 http://htmlpurifier.org/phorum/read.php?3,6224,6231#msg-6231 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6231#msg-6231 Can you post your full code to reproduce? Do you have magic quotes turned on?

]]> Ambush Commander Support Sat, 25 Feb 2012 12:34:04 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6230#msg-6230 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6230#msg-6230 Still not working. I also tried the regex from the documentation that was supposed to match YouTube and Vimeo.

]]> Brett W. Thompson Support Sat, 25 Feb 2012 12:05:58 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6229#msg-6229 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6229#msg-6229 Actually, I think I may have misdiagnosed your original regex; it should have been an always match regex. What happens if you don't put it in an array?

]]> Ambush Commander Support Thu, 23 Feb 2012 17:57:59 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6228#msg-6228 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6228#msg-6228 Thanks for the reply!

I tried this:

                                $oConfig->set('HTML.SafeIframe', true);
                                $oConfig->set('URI.IframeWhitelistRegexp', '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+.*$/');

I'm trying to match:

<iframe src="http://player.vimeo.com/video/20452240?title=0&amp;byline=0&amp;portrait=0&amp;color=ffffff" width="640" height="424" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>

Still it's getting removed.

]]> brettwthompson Support Thu, 23 Feb 2012 17:53:43 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6227#msg-6227 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6227#msg-6227 Array is not a valid value. You need to combine the regexes manually. (This is arguably a UI bug but it is technically nontrivial to combine PHP regexes.)

]]> Ambush Commander Support Thu, 23 Feb 2012 17:47:15 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6226#msg-6226 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6226#msg-6226 Thanks for your reply.

I have the following now:


                                $CI =& CI_Base::get_instance();
                                $CI->load->library('HTMLPurifier');
                                $oConfig = HTMLPurifier_Config::createDefault();
                                $oConfig->set('Cache', 'SerializerPath', rtrim($CI->config->item('cache_path'), "/"));
//                              $oConfig->set('HTML', 'DefinitionRev', 3); // Increment this number if you change any configs so that the cache is refreshed
                                $oConfig->set('HTML.SafeIframe', true);
                                $oConfig->set('URI.IframeWhitelistRegexp', array(
                                  '/^https?:\/\/www\.youtube\.com\/embed\/[a-zA-Z0-9]+$/',
                                  '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+$/'
                                ));

but it still strips out an iframe from Vimeo.

Any help most appreciated.

]]> brettwthompson Support Thu, 23 Feb 2012 17:45:01 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6225#msg-6225 Re: SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6225#msg-6225 You don't need DefinitionRev since you're not doing any fancy custom config (I don't know where you got that from.)

The current regex you are passing only allows iframes with an EMPTY URL parameter.

]]> Ambush Commander Support Thu, 23 Feb 2012 15:45:07 -0500 http://htmlpurifier.org/phorum/read.php?3,6224,6224#msg-6224 SafeIframe not working for me http://htmlpurifier.org/phorum/read.php?3,6224,6224#msg-6224 Hi,

Thanks for HTMLPurifier!

I've been trying to get iframes to go through but haven't been successful. Here's a snippet of the code:

                                $CI =& CI_Base::get_instance();
                                $CI->load->library('HTMLPurifier');
                                $oConfig = HTMLPurifier_Config::createDefault();
                                $oConfig->set('Cache', 'SerializerPath', rtrim($CI->config->item('cache_path'), "/"));
                                $oConfig->set('HTML', 'DefinitionRev', 3); // Increment this number if you change any configs so that the cache is refreshed
                                $oConfig->set('HTML.SafeIframe', true);
/*                                $oConfig->set('URI.IframeWhitelistRegexp', array(
                                  '/^https?:\/\/www\.youtube\.com\/embed\/[a-zA-Z0-9]+$/',
                                  '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+$/'
                                ));*/
                                $oConfig->set('URI.IframeWhitelistRegexp', array('%%'));

I incremented DefinitionRev as instructed. I'm loading it with CodeIgniter. And you can see my commented-out attempt at a whitelist.

Thanks so much for any help!

]]> brettwthompson Support Thu, 23 Feb 2012 15:08:40 -0500