SafeIframe not working out of box

Re: SafeIframe not working out of box

jimbursch — Wed, 07 Mar 2012 09:20:18 -0500

D'oh! OK -- for the next guy, here's the code that works to activate SafeIframe, which goes on your php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp','%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%');
$purifier = new HTMLPurifier($config);

I'd like to suggest adding the following to the documentation:

Here: http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe add this as example to insert in user's php: $config->set('HTML.SafeIframe', true);

and here: http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp add this as example to insert in user's php: $config->set('URI.SafeIframeRegexp','%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%');

Thanks!!!

Re: SafeIframe not working out of box

Ambush Commander — Tue, 06 Mar 2012 22:25:06 -0500

That's because you've got the wrong name. It's %URI.SafeIframeRegexp

Re: SafeIframe not working out of box

jimbursch — Tue, 06 Mar 2012 19:08:11 -0500

I'm trying this:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$config->set('URI.IframeWhitelistRegexp','%^http://www.youtube.com/embed/%');
$purifier = new HTMLPurifier($config);

and getting this:

Warning: Cannot set undefined directive URI.IframeWhitelistRegexp to value in /home/jimbursch/mymindshare.com/b/htmlpurifier/library/HTMLPurifier/Config.php on line 693

Re: SafeIframe not working out of box

jimbursch — Tue, 06 Mar 2012 18:24:11 -0500

So, it looks like I need a regex that will allow:

src="http://www.youtube.com/embed/rEM6KBcsWGU?rel=0"

That's the important part that's getting stripped out.

I suck at regex.

Re: SafeIframe not working out of box

jimbursch — Tue, 06 Mar 2012 18:11:29 -0500

I was hoping the regexs were provided by htmlpurifier -- I thought that was what was in URI.SafeIframeRegexp.

Pardon my ignorance.

Re: SafeIframe not working out of box

Ambush Commander — Tue, 06 Mar 2012 18:08:19 -0500

What regexes have you tried?

Re: SafeIframe not working out of box

jimbursch — Tue, 06 Mar 2012 13:09:44 -0500

I'm making a little progress in solving my problem.

My first mistake was looking for configuration settings in the htmlpurifier files. I have learned that settings are done in the php on my page, so I added $config->set('HTML.SafeIframe', true); to my php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$purifier = new HTMLPurifier($config);

Which now turns this:

http://www.youtube.com/embed/rEM6KBcsWGU?rel=0" frameborder="0" allowfullscreen>

into this:

So I'm making progress, but I haven't solved my problem. Next I believe I need to set URI.SafeIframeRegexp, but I don't know how to do that correctly.

SafeIframe not working out of box

jimbursch — Mon, 05 Mar 2012 09:59:04 -0500

It seems like SafeIframes is not turned on out of the box, and I haven't been able to figure out where it needs to be turned on. The INSTALL doc doesn't say where the configuration settings are located?

Here is the input value:

http://www.youtube.com/embed/rEM6KBcsWGU?rel=0" frameborder="0" allowfullscreen>

Here's my php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);

$dirty_html = $_POST['EmbedCode'];
$clean_html = $purifier->purify($dirty_html);
$_cEmbedCode = mysql_real_escape_string($clean_html);

HTMLpurifier is deleting the entire input.