doujiao9426 2015-06-06 06:03
浏览 81
已采纳

Yii1 - HtmlPurifier删除allowfullscreen属性

I am using below configuration to clean the input from user in my Yii project using its inbuilt support for HtmlPurifier

array(
        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ),
        "HTML.SafeEmbed" => true,
        'HTML.TargetBlank' => true,
        "HTML.SafeIframe" => true,
        "Filter.YouTube" => true,
        'URI.SafeIframeRegexp' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
    ),

Example:-

<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0" allowfullscreen></iframe>

Above Url when saved after purifying gets converted to below iframe code

<iframe width="560" height="315" src="https://www.youtube.com/embed/Xe2nlti47kA" frameborder="0"></iframe>

How can we allow allowfullscreen attribute as safe ? Does any change in regex will solve this or need to apply a custom solution ?

  • 写回答

1条回答 默认 最新

  • douou9786 2015-06-08 13:23
    关注

    There is already a useful link which will solve the answer.....We need to implement a custom class to allow the "allowfullscreen" attribute. This will add this attribute on purified iframe code.

    Reference http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/ Answered by Sonny HTMLPurifier iframe Vimeo and Youtube video

    Steps

    1) Include the class from above url .

    2) Set Filter.custom exactly in way shown in above url.

    Setting Html Purifier options can be in different in frameworks.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址
  • ¥15 elmos524.33 eeprom的读写问题
  • ¥15 使用Java milo连接Kepserver服务端报错?
  • ¥15 用ADS设计一款的射频功率放大器
  • ¥15 怎么求交点连线的理论解?
  • ¥20 软件开发方法学习来了
  • ¥15 微信小程序商城如何实现多商户收款 平台分润抽成