Yii1 - HtmlPurifier 删除 allowfullscreen 属性
Yii1 - HtmlPurifier removes allowfullscreen attribute
我在我的 Yii 项目中使用以下配置来清除用户的输入,使用它对 HtmlPurifier 的内置支持
array(
'URI.AllowedSchemes' => array(
'http' => true,
'https' => true,
),
"HTML.SafeEmbed" => true,
'HTML.TargetBlank' => true,
"HTML.SafeIframe" => true,
"Filter.YouTube" => true,
'URI.SafeIframeRegexp' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
),
例子:-
<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0" allowfullscreen></iframe>
Url 以上在净化后保存时会转换为以下 iframe 代码
<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0"></iframe>
我们怎样才能允许 allowfullscreen 属性安全?正则表达式中的任何更改是否会解决此问题或需要应用自定义解决方案?
There is already a useful link which will solve the answer.....We need to implement a custom class to allow the "allowfullscreen" attribute. This will add this attribute on purified iframe code.
Reference
http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/
Answered by Sonny
HTMLPurifier iframe Vimeo and Youtube video
Steps
1) Include the class from above url .
2) Set Filter.custom exactly in way shown in above url.
Setting Html Purifier options can be in different in frameworks.
使用 HtmlPurifier 配置中的下一个参数。
HTML.IframeAllowFullscreen: true
我在我的 Yii 项目中使用以下配置来清除用户的输入,使用它对 HtmlPurifier 的内置支持
array(
'URI.AllowedSchemes' => array(
'http' => true,
'https' => true,
),
"HTML.SafeEmbed" => true,
'HTML.TargetBlank' => true,
"HTML.SafeIframe" => true,
"Filter.YouTube" => true,
'URI.SafeIframeRegexp' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
),
例子:-
<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0" allowfullscreen></iframe>
Url 以上在净化后保存时会转换为以下 iframe 代码
<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0"></iframe>
我们怎样才能允许 allowfullscreen 属性安全?正则表达式中的任何更改是否会解决此问题或需要应用自定义解决方案?
There is already a useful link which will solve the answer.....We need to implement a custom class to allow the "allowfullscreen" attribute. This will add this attribute on purified iframe code.
Reference http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/ Answered by Sonny HTMLPurifier iframe Vimeo and Youtube video
Steps
1) Include the class from above url .
2) Set Filter.custom exactly in way shown in above url.
Setting Html Purifier options can be in different in frameworks.
使用 HtmlPurifier 配置中的下一个参数。
HTML.IframeAllowFullscreen: true