Here's a few changes I made to my /inc/utils.inc.php to allow iframe embed code from youtube, vimeo and twitch.tv
If you have a lot of sites to whitelist, this method gets a bit tedious.... that's why I entered the ticket. For just a few sites it's no problem.
// HTML Purifier plugin
global $oHtmlPurifier;
require_once( BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php' );
if (!isset($oHtmlPurifier)) {
HTMLPurifier_Bootstrap::registerAutoload();
$oConfig = HTMLPurifier_Config::createDefault();
$oConfig->set('HTML.SafeIframe', 'true');
$oConfig->set('HTML.SafeObject', 'true');
$oConfig->set('Output.FlashCompat', 'true');
$oConfig->set('HTML.FlashAllowFullScreen', 'true');
if (getParam('sys_antispam_add_nofollow')) {
$sHost = parse_url(BX_DOL_URL_ROOT, PHP_URL_HOST);
$oConfig->set('URI.Host', $sHost);
$oConfig->set('HTML.Nofollow', 'true');
}
$oConfig->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.twitch\.tv)%'); //allow YouTube and Vimeo and twitch.tv // $oConfig->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
// $oConfig->set('Filter.Custom', array (new HTMLPurifier_Filter_LocalMovie(), new HTMLPurifier_Filter_YouTube(), new HTMLPurifier_Filter_YoutubeIframe()));
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.