
SafeIframe not working out of box

Posted by jimbursch 
March 05, 2012 09:59AM

It seems like SafeIframe is not turned on out of the box, and I haven't been able to figure out where it needs to be turned on. The INSTALL doc doesn't say where the configuration settings are located.

Here is the input value:

<iframe width="420" height="315" src="http://www.youtube.com/embed/rEM6KBcsWGU?rel=0" frameborder="0" allowfullscreen></iframe>

Here's my php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);

$dirty_html = $_POST['EmbedCode'];
$clean_html = $purifier->purify($dirty_html);
$_cEmbedCode = mysql_real_escape_string($clean_html);

HTML Purifier is deleting the entire input.

Re: SafeIframe not working out of box
March 06, 2012 01:09PM

I'm making a little progress in solving my problem.

My first mistake was looking for configuration settings in the htmlpurifier files. I have learned that settings are done in the php on my page, so I added $config->set('HTML.SafeIframe', true); to my php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$purifier = new HTMLPurifier($config);

Which now turns this:

<iframe width="420" height="315" src="http://www.youtube.com/embed/rEM6KBcsWGU?rel=0" frameborder="0" allowfullscreen></iframe>

into this:

<iframe width="420" height="315" frameborder="0"></iframe>

So I'm making progress, but I haven't solved my problem. Next I believe I need to set URI.SafeIframeRegexp, but I don't know how to do that correctly.

Re: SafeIframe not working out of box
March 06, 2012 06:08PM

What regexes have you tried?

Re: SafeIframe not working out of box
March 06, 2012 06:11PM

I was hoping the regexes were provided by HTML Purifier -- I thought that was what was in URI.SafeIframeRegexp.

Pardon my ignorance.

Re: SafeIframe not working out of box
March 06, 2012 06:24PM

So, it looks like I need a regex that will allow:

src="http://www.youtube.com/embed/rEM6KBcsWGU?rel=0"

That's the important part that's getting stripped out.

I suck at regex.

Re: SafeIframe not working out of box
March 06, 2012 07:08PM

I'm trying this:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$config->set('URI.IframeWhitelistRegexp', '%^http://www.youtube.com/embed/%');
$purifier = new HTMLPurifier($config);

and getting this:

Warning: Cannot set undefined directive URI.IframeWhitelistRegexp to value in /home/jimbursch/mymindshare.com/b/htmlpurifier/library/HTMLPurifier/Config.php on line 693

Re: SafeIframe not working out of box
March 06, 2012 10:25PM

That's because you've got the wrong name. It's %URI.SafeIframeRegexp

Re: SafeIframe not working out of box
March 07, 2012 09:20AM

D'oh! OK -- for the next guy, here's the code that works to activate SafeIframe, which goes on your php:

require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^http://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);

I'd like to suggest adding the following to the documentation:

Here: http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe add this as an example to insert in the user's php: $config->set('HTML.SafeIframe', true);

and here: http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp add this as an example to insert in the user's php: $config->set('URI.SafeIframeRegexp', '%^http://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');

Thanks!!!
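The configuration the thread arrives at, as an added example (not code from the thread or from the HTML Purifier project) that also checks what the filter does with a non-matching host: it assumes HTML Purifier 4.4 or later (where these two directives exist), the same relative library path the poster used, and additionally permits https. The sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. Assumes HTML Purifier 4.4+ at the
// relative path used in the thread above.
require_once '../htmlpurifier/library/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
// Anchored at the start of the URI with the dots escaped: an unescaped '.'
// matches any character, so a look-alike host such as wwwwyoutube.com would
// otherwise also satisfy the pattern. Only these two embed paths pass.
$config->set('URI.SafeIframeRegexp',
    '%^https?://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);

// Constructed sample inputs: the first two embeds should keep their src,
// the other two should come back without it (the filter drops the src
// attribute when the regexp does not match).
$samples = array(
    'youtube'   => '<iframe width="420" height="315" src="http://www.youtube.com/embed/rEM6KBcsWGU?rel=0" frameborder="0" allowfullscreen></iframe>',
    'vimeo'     => '<iframe src="https://player.vimeo.com/video/12345" width="500" height="281"></iframe>',
    'other'     => '<iframe src="http://example.com/page.html"></iframe>',
    'lookalike' => '<iframe src="http://wwwwyoutube.com/embed/rEM6KBcsWGU"></iframe>',
);

// Returns true when the purified output still carries a src attribute.
function embedAllowed(HTMLPurifier $purifier, $dirty)
{
    $clean = $purifier->purify($dirty);
    return strpos($clean, 'src=') !== false;
}

foreach ($samples as $label => $dirty) {
    $verdict = embedAllowed($purifier, $dirty) ? 'embed allowed' : 'src stripped';
    printf("%-9s %s\n  %s\n", $label, $verdict, $purifier->purify($dirty));
}
```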
