2011-01-19 218 views
11

How do I use HTMLPurifier to filter XSS while still allowing iframes for Vimeo and YouTube videos?

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);

$config->set('Filter.YouTube', true);
$config->set('HTML.DefinitionID', '1');
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);

$config->set('HTML.FlashAllowFullScreen', true);

$purifier = new HTMLPurifier($config);
$temp = $purifier->purify($temp); // $temp holds the untrusted HTML

Answers

0

Get rid of %HTML.Trusted, %Filter.YouTube and %HTML.DefinitionID. They may interact poorly with SafeObject/FlashCompat.


iframes are still blocked anyway, no matter what. Do you know of another good solution that does support iframes? – swamprunner7 2011-01-19 21:14:53


Oh yes, you will have to add iframe support separately. Here is one possible way: http://htmlpurifier.org/phorum/read.php?3,4646,4646#msg-4646 Of course, we would like to (eventually) add proper support for it in core. – 2011-01-19 22:00:53


I tried this solution but I am having problems; here is my latest comment: http://stackoverflow.com/questions/4135755/how-do-i-allow-script-object-param-embed-and-iframe-tags-in-htmlpurifier – swamprunner7 2011-01-19 23:13:41

8

I just read this blog entry and successfully created and used a custom filter. I modified the code a little, adding support for Vimeo:

/**
 * Based on: http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/
 * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way.
 *
 * How it works: preFilter rewrites <iframe> into <img class="MyIframe"> so that HTMLPurifier
 * validates src/width/height the way it does for an image and drops every other attribute;
 * postFilter turns the surviving placeholders back into <iframe>, but only when src points
 * at a whitelisted host. HTMLPurifier 4.4.0 and later ship %HTML.SafeIframe and
 * %URI.SafeIframeRegexp, which do this without string rewriting.
 */
class HTMLPurifier_Filter_MyIframe extends HTMLPurifier_Filter
{
    public $name = 'MyIframe';

    /**
     * @param string $html
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return string
     */
    public function preFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
    {
        // \b keeps this from matching other tag names that merely start with "iframe".
        $html = preg_replace('#<iframe\b#i', '<img class="MyIframe"', $html);
        $html = preg_replace('#</iframe>#i', '</img>', $html);
        return $html;
    }

    /**
     * @param string $html
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return string
     */
    public function postFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
    {
        $post_regex = '#<img class="MyIframe"([^>]+?)>#';
        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
    }

    /**
     * @param array $matches
     * @return string
     */
    protected function postFilterCallback($matches)
    {
        // $matches[1] holds the already purified attributes of the placeholder, so src has
        // passed HTMLPurifier's URI validation (scheme whitelist etc.) before we get here.
        // Drop the self-closing "/" that HTMLPurifier emits for <img ... /> and the alt
        // attribute it adds to every img, neither of which belongs on an iframe.
        $attrs = rtrim($matches[1], ' /');
        $attrs = preg_replace('#\salt="[^"]*"#', '', $attrs);

        // Domain whitelist. Dots are escaped and a "/" must follow the host directly, so
        // lookalikes such as www-youtube.com or www.youtube.com.evil.example do not match.
        $youTubeMatch = preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $attrs);
        $vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $attrs);
        if ($youTubeMatch || $vimeoMatch) {
            $extra = ' frameborder="0"';
            if ($youTubeMatch) {
                $extra .= ' allowfullscreen';
            } elseif ($vimeoMatch) {
                $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
            }
            return '<iframe' . $attrs . $extra . '></iframe>';
        }
        // Anything else is removed entirely rather than left behind as a placeholder image.
        return '';
    }
}

Add the filter to your HTML Purifier configuration:

$config->set('Filter.Custom', array(new HTMLPurifier_Filter_MyIframe())); 

2

This should more or less do the trick:

$text = "<iframe width='560' height='315' src='//www.youtube.com/embed/RGLI7QBUitE?autoplay=1' frameborder='0' allowfullscreen></iframe>";

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
// HTML.Trusted also enables the modules marked unsafe, including Scripting (script tags)
// and Iframe; it is what lets the iframe through here, and it lets <script> through as well.
$config->set('HTML.Trusted', true);
// Filter.YouTube (deprecated in favour of HTML.SafeObject) rewrites <object> embeds only, not <iframe>.
$config->set('Filter.YouTube', true);

$purifier = new HTMLPurifier($config);
echo $purifier->purify($text);

0

And if you have previously set it to true, don't forget to set

URI.DisableExternalResources: false 

1

For anyone who is struggling (how to enable iframe and allowfullscreen):

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

$config = \HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true); // requires HTMLPurifier 4.4.0+ and a Transitional doctype (the default)
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
// This line is important allow iframe in allowed elements or it will not work
// (note: this list replaces the default set, so with only 'iframe' in it every other tag is stripped;
// add the elements you want to keep, or leave HTML.AllowedElements unset to allow the whole definition)
$config->set('HTML.AllowedElements', array('iframe'));// <-- IMPORTANT
// assumed attribute list: the original was obfuscated to "[email protected]" in the extracted text
$config->set('HTML.AllowedAttributes', 'iframe@src,iframe@allowfullscreen');

// All set() calls must come before this: getHTMLDefinition() finalizes the config.
$def = $config->getHTMLDefinition(true);
$def->addAttribute('iframe', 'allowfullscreen', 'Bool');

$purifier = new \HTMLPurifier($config);
$purifiedHtml = $purifier->purify($html); // $html is the untrusted input
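An added example, not code from the question or from any of the answers above: it wires up the built-in whitelist that the last answer relies on (HTML.SafeIframe plus URI.SafeIframeRegexp) and runs a handful of constructed inputs through it, including the lookalike-host and whitelist-in-query-string cases a reviewer would try, which are exactly what the custom filter's unanchored, unescaped regexes earlier on this page would have let through. It assumes HTMLPurifier 4.4.0 or later on the same include path the question uses; the helper names buildPurifier, runSamples and checkSamples, the video IDs and the evil.example hosts are made up for this demo.

```php
<?php
// Added example (not from the question or answers). Assumes HTMLPurifier >= 4.4.0
// reachable via the include path used in the question; sample inputs are constructed.
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // HTML.Trusted stays at its default (false): enabling it loads the Scripting module,
    // which defeats XSS filtering of untrusted input.
    $config->set('HTML.SafeIframe', true);
    // Anchored at the start of the URI, dots escaped, limited to the embed paths.
    // Without "^", https://evil.example/?u=//www.youtube.com/embed/x would pass;
    // with an unescaped dot, a host like www-youtube.com would.
    $config->set(
        'URI.SafeIframeRegexp',
        '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
    );
    // HTML.AllowedElements is deliberately left unset (null): every element in the
    // definition stays allowed, iframe included, so ordinary markup survives too.

    // set() calls must precede getHTMLDefinition(): it finalizes the config.
    $def = $config->getHTMLDefinition(true);
    // Bool#allowfullscreen serializes as allowfullscreen="allowfullscreen", valid in
    // both the XHTML (default) and HTML output modes.
    $def->addAttribute('iframe', 'allowfullscreen', 'Bool#allowfullscreen');

    return new HTMLPurifier($config);
}

/** Purify each constructed sample; returns name => purified HTML. */
function runSamples(HTMLPurifier $purifier): array
{
    $samples = [ // constructed inputs for this demo
        'youtube' => '<p>Watch:</p><iframe width="560" height="315" '
            . 'src="https://www.youtube.com/embed/EXAMPLE_ID" frameborder="0" allowfullscreen></iframe>',
        'vimeo_protocol_relative' => '<iframe src="//player.vimeo.com/video/12345678" allowfullscreen></iframe>',
        // Host lookalike: the regexp requires "/embed/" immediately after ".com".
        'lookalike_host' => '<iframe src="https://www.youtube.com.evil.example/embed/EXAMPLE_ID"></iframe>',
        // The whitelisted prefix appears, but not at the start of the URI.
        'whitelist_in_query' => '<iframe src="https://evil.example/?u=//www.youtube.com/embed/x"></iframe>',
        // Rejected by the URI scheme whitelist before the iframe regexp is consulted.
        'javascript_scheme' => '<iframe src="javascript:alert(1)"></iframe>',
        // Plain XSS payload: script is removed together with its contents (Core.HiddenElements).
        'script' => '<p>hi</p><script>alert(1)</script>',
    ];
    $out = [];
    foreach ($samples as $name => $html) {
        $out[$name] = $purifier->purify($html);
    }
    return $out;
}

/** The properties a reviewer would check; returns true or throws. */
function checkSamples(array $out): bool
{
    $ok = strpos($out['youtube'], 'src="https://www.youtube.com/embed/EXAMPLE_ID"') !== false
        && strpos($out['youtube'], 'allowfullscreen="allowfullscreen"') !== false
        && strpos($out['youtube'], '<p>Watch:</p>') !== false
        && strpos($out['vimeo_protocol_relative'], 'src="//player.vimeo.com/video/12345678"') !== false
        && strpos($out['lookalike_host'], 'evil.example') === false
        && strpos($out['whitelist_in_query'], 'evil.example') === false
        && strpos($out['javascript_scheme'], 'javascript') === false
        && strpos($out['script'], 'alert') === false;
    if (!$ok) {
        throw new RuntimeException('iframe whitelist misbehaved: ' . print_r($out, true));
    }
    return true;
}

$results = runSamples(buildPurifier());
checkSamples($results);
foreach ($results as $name => $html) {
    printf("%-24s %s\n", $name . ':', $html === '' ? '(empty)' : $html);
}
```

The checks assert on what matters for security, that a rejected URL never reaches the output, rather than on the exact shape of the rejected tag: depending on the HTMLPurifier version and whether AutoFormat.RemoveEmpty is enabled, an iframe whose src was refused may remain as an empty `<iframe></iframe>` shell, which is harmless. Note also that the page's earlier Filter.YouTube setting would not have helped here, since that filter only rewrites `<object>` embeds.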