Welcome! » Log In » Create A New Profile

using data-oembed-url attribute on div

Posted by scott shipman 
scott shipman
using data-oembed-url attribute on div
October 02, 2015 12:34AM

Is it possible to use any of the widget api functions, such as oembed with HTML purifier? The purpose here is that ckeditor can allow iframes to render in the editor by wrapping them in a div tag with the attribute data-oembed-url.


<div data-oembed-url="https://www.youtube.com/embed/5mZovjRlkWs">
<div style="left: 0px; width: 100%; height: 0px; position: relative; padding-bottom: 56.2493%;"><iframe allowfullscreen="true" frameborder="0" mozallowfullscreen="true" src="https://www.youtube.com/embed/5mZovjRlkWs?wmode=transparent&amp;rel=0&amp;autohide=1&amp;showinfo=0&amp;enablejsapi=1" style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;" webkitallowfullscreen="true"></iframe></div>

I have tried to push my own attributes into core with the following, but its not working and my data-oembed-url attribute is being stripped.

if ($def = $config->maybeGetRawHTMLDefinition()) {
        // our custom add-ons will go here
        $anon = $def->getAnonymousModule();
        $anon->attr_collections = array(
          &#039;Core&#039; => array(
            &#039;data-oembed-url&#039; => &#039;CDATA&#039;,
        $def->addAttribute(&#039;iframe&#039;, &#039;allowfullscreen&#039;, &#039;Bool&#039;);
        $def->addAttribute(&#039;div&#039;, &#039;style&#039;, &#039;CDATA&#039; );
        $def->addAttribute(&#039;div&#039;, &#039;data-oembed-url&#039;, &#039;CDATA&#039; );

Jeff Schaefer
Re: using data-oembed-url attribute on div
January 29, 2018 03:56PM

ckeditor creates this type of format when a youtube link is pasted in. Can anybody explain how to set the config to let it through....bonus points if you can just let youtube and vimeo through in the data-oembed-url

I've tried the documentation here http://htmlpurifier.org/live/configdoc/plain.html and I feel like I'm looking at the wrong thing. There are no examples and it doesn't really show any actual syntax that I can see. I would also like to know if the allow and allowedelements statements are adding to what is already configured, or if I need to list every single allowed thing by using this statement. MY goal is to allow a very permissive set of html and just strip out dangerous things like scripts, styles, iframes(except if it is a youtube or vimeo iframe).

If anybody can help point me in the right direction I would appreciate it.

Sorry, you do not have permission to post/reply in this forum.