HTMLPurifier iframe Vimeo and Youtube video

php video iframe xss htmlpurifier
swamprunner7 picture swamprunner7 · Jan 19, 2011 · Viewed 14.8k times · Source

How can I use HTMLPurifier to filter xss but also to allow iframe Vimeo and Youtube video?

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);

$config->set('Filter.YouTube', true);
$config->set('HTML.DefinitionID', '1');
$config->set('HTML.SafeObject', 'true');
$config->set('Output.FlashCompat', 'true');

$config->set('HTML.FlashAllowFullScreen', 'true');

$purifier = new HTMLPurifier($config);
$temp = $purifier->purify($temp);

Answer

Malte picture Malte · Oct 8, 2012

HTMLPurifier version 4.4.0 has new configuration directives to allow YouTube and Vimeo iframes:

//allow iframes from trusted sources
$cfg->set('HTML.SafeIframe', true);
$cfg->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo

Related questions

How to embed YouTube videos in PHP?

Can anyone give me an idea how can we show or embed a YouTube video if we just have the URL or the Embed code?

Read More
Live Video Streaming with PHP

I have a PHP/AJAX/MYSQL chat application. I want to add video chatting to my application. How can I create live video streaming to be used for live video conferences/chatting in a PHP application. What are the key-terms …

Read More
Generate preview image from Video file?

Is there a way in PHP given a video file (.mov, .mp4) to generate a thumbnail image preview?

Read More