
SafeIframe not working for me

Posted by brettwthompson 
SafeIframe not working for me
February 23, 2012 03:08PM

Hi,

Thanks for HTMLPurifier!

I've been trying to get iframes to go through but haven't been successful. Here's a snippet of the code:

    $CI =& CI_Base::get_instance();
    $CI->load->library('HTMLPurifier');
    $oConfig = HTMLPurifier_Config::createDefault();
    $oConfig->set('Cache', 'SerializerPath', rtrim($CI->config->item('cache_path'), "/"));
    $oConfig->set('HTML', 'DefinitionRev', 3); // Increment this number if you change any configs so that the cache is refreshed
    $oConfig->set('HTML.SafeIframe', true);
    /* $oConfig->set('URI.IframeWhitelistRegexp', array(
        '/^https?:\/\/www\.youtube\.com\/embed\/[a-zA-Z0-9]+$/',
        '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+$/'
    )); */
    $oConfig->set('URI.IframeWhitelistRegexp', array('%%'));

I incremented DefinitionRev as instructed. I'm loading it with CodeIgniter. And you can see my commented-out attempt at a whitelist.

Thanks so much for any help!

Re: SafeIframe not working for me
February 23, 2012 03:45PM

You don't need DefinitionRev since you're not doing any fancy custom config (I don't know where you got that from.)

The current regex you are passing only allows iframes with an EMPTY URL parameter.

Re: SafeIframe not working for me
February 23, 2012 05:45PM

Thanks for your reply.

I have the following now:


    $CI =& CI_Base::get_instance();
    $CI->load->library('HTMLPurifier');
    $oConfig = HTMLPurifier_Config::createDefault();
    $oConfig->set('Cache', 'SerializerPath', rtrim($CI->config->item('cache_path'), "/"));
    // $oConfig->set('HTML', 'DefinitionRev', 3); // Increment this number if you change any configs so that the cache is refreshed
    $oConfig->set('HTML.SafeIframe', true);
    $oConfig->set('URI.IframeWhitelistRegexp', array(
        '/^https?:\/\/www\.youtube\.com\/embed\/[a-zA-Z0-9]+$/',
        '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+$/'
    ));

but it still strips out an iframe from Vimeo.

Any help most appreciated.

Re: SafeIframe not working for me
February 23, 2012 05:47PM

Array is not a valid value. You need to combine the regexes manually. (This is arguably a UI bug but it is technically nontrivial to combine PHP regexes.)

Re: SafeIframe not working for me
February 23, 2012 05:53PM

Thanks for the reply!

I tried this:

    $oConfig->set('HTML.SafeIframe', true);
    $oConfig->set('URI.IframeWhitelistRegexp', '/^https?:\/\/player\.vimeo\.com\/video\/[0-9]+.*$/');

I'm trying to match:

<iframe src="http://player.vimeo.com/video/20452240?title=0&amp;byline=0&amp;portrait=0&amp;color=ffffff" width="640" height="424" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>

Still it's getting removed.

Re: SafeIframe not working for me
February 23, 2012 05:57PM

Actually, I think I may have misdiagnosed your original regex; it should have been an always-match regex. What happens if you don't put it in an array?
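Putting the two maintainer replies together: the directive takes a single pattern string, so the two host patterns have to be combined into one regex with alternation, and an always-match pattern such as '%%' is the opposite of a whitelist because it lets any iframe source through. The following is an added example, not code from this thread or from the HTML Purifier project. It assumes HTML Purifier 4.4 or later installed with the standalone autoloader at the path shown, and uses the directive name URI.SafeIframeRegexp under which this setting is documented in those releases; the posts above call it URI.IframeWhitelistRegexp, so use whichever name your installed version's configuration documentation lists. The YouTube video id, the rejected hosts and the sample iframes are constructed for the demonstration.

```php
<?php
// Added example, not code from the thread or from the HTML Purifier project.
// Assumes HTML Purifier 4.4 or later, reachable through its standalone
// autoloader at the path below (adjust to your install).
require_once 'library/HTMLPurifier.auto.php';

// URI.SafeIframeRegexp takes ONE pattern string, so both hosts are combined
// with alternation inside a single group instead of being passed as an array.
// The pattern is anchored at the start and only has to match the scheme, host
// and path prefix, so a query string such as ?title=0&byline=0 is still
// accepted, while a look-alike host like player.vimeo.com.example.net fails
// because '/video/' must follow the host directly.
const SAFE_IFRAME_REGEXP =
    '%^https?://(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%';

// Mirrors the check HTML Purifier's SafeIframe URI filter performs: the
// configured pattern is handed to preg_match() against the iframe's src.
// Lets you test a candidate pattern without running a full purify().
function iframeSrcAllowed($pattern, $src)
{
    return preg_match($pattern, $src) === 1;
}

function buildPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', SAFE_IFRAME_REGEXP);
    return new HTMLPurifier($config);
}

// Constructed sample iframes: the Vimeo embed from the thread, a YouTube embed
// with a placeholder video id, and two that must be rejected.
function sampleIframes()
{
    return array(
        'vimeo'     => '<iframe src="http://player.vimeo.com/video/20452240?title=0&amp;byline=0&amp;portrait=0" width="640" height="424" frameborder="0"></iframe>',
        'youtube'   => '<iframe src="https://www.youtube.com/embed/EXAMPLEVIDEOID" width="560" height="315" frameborder="0"></iframe>',
        'lookalike' => '<iframe src="https://player.vimeo.com.example.net/video/1" width="640" height="424"></iframe>',
        'other'     => '<iframe src="https://example.net/any/page" width="640" height="424"></iframe>',
    );
}

// Returns, per sample, whether the original host survives in the purified output.
function purifySamples()
{
    $purifier = buildPurifier();
    $kept = array();
    foreach (sampleIframes() as $name => $html) {
        $out = $purifier->purify($html);
        preg_match('%src="https?://([^/"]+)%', $html, $m);
        $kept[$name] = strpos($out, $m[1]) !== false;
    }
    return $kept;
}

// Pattern-level checks, independent of the library.
$urls = array(
    'http://player.vimeo.com/video/20452240?title=0&byline=0' => true,
    'https://www.youtube.com/embed/EXAMPLEVIDEOID'           => true,
    'https://player.vimeo.com.example.net/video/1'           => false,
    'https://example.net/any/page'                           => false,
);
foreach ($urls as $url => $expected) {
    $ok = iframeSrcAllowed(SAFE_IFRAME_REGEXP, $url) === $expected;
    printf("%s %s\n", $ok ? 'ok  ' : 'FAIL', $url);
}

// The pattern from the first post, '%%', is an empty regex between two
// delimiters: it matches every string, so it would admit any iframe src.
printf("'%%%%' allows an arbitrary host: %s\n",
    iframeSrcAllowed('%%', 'https://example.net/any') ? 'yes' : 'no');

// Expected: vimeo and youtube true, lookalike and other false.
print_r(purifySamples());
```

The pattern-level loop is the quickest way to debug a whitelist that "still strips" an embed: it runs the exact preg_match() the filter runs, so if a URL passes there but the iframe is still removed, the cause lies elsewhere in the setup (such as the config not reaching the purifier instance), not in the regex.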

Brett W. Thompson
Re: SafeIframe not working for me
February 25, 2012 12:05PM

Still not working. I also tried the regex from the documentation that was supposed to match YouTube and Vimeo.

Re: SafeIframe not working for me
February 25, 2012 12:34PM

Can you post your full code to reproduce? Do you have magic quotes turned on?
