I think HTML purifier changed with the 7.1 release on how Dolphin uses it. I have members wanting to embed videos from FaceSucks. Looking at the filters I see a YouTubeIframe.php. I am guessing that I can use that to create a FaceSucksIframe.php filter since they are similar in nature. What else needs to be done; how/where do I tell HTMLpurifier to use the FaceSucksIframe.php filter when it encounters an iframe with the facesucks URL? Geeks, making the world a better place |
I was HL was here, I know he did some work with the purifier.
I was going to try
HTML.SafeIframe', true
but that has to be used with a RegExp or a Whitelist and I could not seem to get it to work. HL was correct, the documentation for htmlpurifier is horrible.
I am currently trying to get a FacebookIframe.php filter to work without luck.
HL, where are you when I need you LOL.
I also found out that my version of utils is different from the 7.1.4 version.
Geeks, making the world a better place |
What I find surprising is that no one else except HL has worked with this. There are many video sharing sites on the net beside YouTube and members want to embed from them in their blogs and such. I do have the extra embed code for albums but this is for creating blog posts and inserting videos. Geeks, making the world a better place |
I found a solution that works more or like the HTML.SafeIframe. Instead of creating filters for each iframe source and trying to work through the RegExp, etc., you create one filter, MyIframe.php and then set up a "whitelist" matching in that filter for each video iframe source you want to allow. It the source matches the URL properly, then it will pass the original iframe code. I just tested with a FaceSucks iframe and it worked. I have Facebook and Vimeo in this example.
In ulits_inc.php you need to add:
$oConfig->set('Filter.Custom', array (new HTMLPurifier_Filter_MyIframe()));
or, in 7.1.4,
$oConfig->set('Filter.Custom', array (new HTMLPurifier_Filter_MyIframe(), new HTMLPurifier_Filter_LocalMovie(), new HTMLPurifier_Filter_YouTube(), new HTMLPurifier_Filter_YoutubeIframe()));
and in the filters directory of htmlpurifier you will need to add the filter, MyIframe.php with this code:
<?php
/** * Based on: http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/ * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way */ class HTMLPurifier_Filter_MyIframe extends HTMLPurifier_Filter { public $name = 'MyIframe';
/** * * @param string $html * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return string */ public function preFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context) { $html = preg_replace('#<iframe#i', '<img class="MyIframe"', $html); $html = preg_replace('#</iframe>#i', '</img>', $html); return $html; }
/** * * @param string $html * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return string */ public function postFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context) { $post_regex = '#<img class="MyIframe"([^>]+?)>#'; return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); }
/** * * @param array $matches * @return string */ protected function postFilterCallback($matches) { // Domain Whitelist $facebookMatch = preg_match('#src="https?://www.facebook.com/video/embed#i', $matches[1]); $vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]); if ($facebookMatch || $vimeoMatch) { $extra = ' frameborder="0"'; if ($facebookMatch) { $extra .= ' allowfullscreen'; } elseif ($vimeoMatch) { $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; } return '<iframe ' . $matches[1] . $extra . '></iframe>'; } else { return ''; } } }
Any help with improving this is appreciated.
Geeks, making the world a better place |
Can you try to make a general form where you can insert any video source? |
Can you try to make a general form where you can insert any video source?
As you may know, iframes allow one to insert content into a webpage. iframes; inline frames, were born from the very bad idea of breaking a webpage into sections; one may recall framesets. The problem is that iframes can be a security risk and that is why htmlpurifier removes iframes by default. If one is running a social network with members adding content; we do need to control which iframes will be passed and which will be removed. Many of the video sharing sites are moving to iframes for their embed code; with some still offering the old object/embed codes.
Now this topic was strictly about adding iframe video sources; sites that offer an iframe embed code for their videos. It is based on having a whitelist of acceptable video sources; the same way that SAFE.Iframe does it; it may be the current version of htmlpurifier on my install does not have SafeIframe and is why it did not work or I did not set up the whitelist properly.
So, you could just allow all iframes and that would allow any video iframe source to be posted. However, at the same time you are allowing any source to be added to an iframe; not a good security practice. This method is easy for you to add a white list source, it simply checks the URL of a known safe source. For example, the facebook embed code that someone tries to insert into your site must be exactly, "www.facebook.com/video/embed". If they try to embed "www.facebook.com/joe/video" it will be rejected. You simply add a new source to the list and add the "OR" "||", double pipe without the quotes, followed by the new match. The extra is so that you can add any extra code needed for the particular source.
Let's look at dailymotion:
<iframe frameborder="0" width="480" height="270" src="http://www.dailymotion.com/embed/video/x15xgki"></iframe>
Our check to see if we will allow this iframe will be www.dailymotion.com/embed/video/
We will add:
$dailymotionMatch = preg_match('#src="http://www.dailymotion.com/embed/video/#i', $matches[1]);
and add to the if:
if ($facebookMatch || $vimeoMatch || $dailymotionMatch) {
and add any extra bits that should be included as well but in this case you don't; if you did, you would add in
} elseif ($dailymotionMatch) { $extra .= ' some extra things we need to add for dailymotion';
Geeks, making the world a better place |
Thank you master Geek_girl, you're so smart. |
Thank you master Geek_girl, you're so smart.
Me?
Geeks, making the world a better place |
What changes need to be made to 7.1 to allow for iframes - I have done it before but now juts CANT seem to work it out, I don't know what my issue is right now but please help. |
Some people really appreciate the help around here huh!
Thank you master Geek_girl, you're so smart.
Me?
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
What changes need to be made to 7.1 to allow for iframes - I have done it before but now juts CANT seem to work it out, I don't know what my issue is right now but please help.
Where are you wanting to add iframes? If you are adding an iframe with the TinyMCE editor, TinyMCE may be stripping out the code. Where will dictate how.
Geeks, making the world a better place |
described way tested on UNA and found EXELLENT!!!
Thanx, Geek Girl :)))
let me add Soundcloud to this fire:))
***********
// Domain Whitelist
$facebookMatch = preg_match('#src="https?://www.facebook.com/video/embed#i', $matches[1]);
$vimeoMatch = preg_match('#src="https://player.vimeo.com/video/#i', $matches[1]);
$soundcloudMatch = preg_match('#src="https://w.soundcloud.com/player/#i', $matches[1]);
if ($facebookMatch || $vimeoMatch || $soundcloudMatch) {
$extra = ' frameborder="0"';
if ($facebookMatch) {
$extra .= ' allowfullscreen';
} elseif ($vimeoMatch) {
$extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
} elseif ($soundcloudMatch) {
$extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
}
return '<iframe ' . $matches[1] . $extra . '></iframe>';
} else {
return '';
*************
Also can be added virtually any src
the point is :
1. to copy/paste more requisites for each src (look at soundcloud above and do the same)
2. in line
('#src="HERE_you_have_to_add_URL_of_player_from_embed_code_of_the_SITE/#i', $matches[1]);
it use to be in Embed Sharing Code of the site:
<iframe width="10 BLAH-BLAH-BLAH src="https://w.soundcloud.com/player/?BLAH-BLAH-BLAH></iframe>
***************
NB
talking about vimeo.com
there are some changes was taken from 2013, so in GG's code needs to change
http://player.vimeo.com/ to https://player.vimeo.com/video
It works for me, enjoy.
|