HTMLPurifier iframe Vimeo 和 Youtube 视频

2021-12-21 00:00:00 iframe php video xss htmlpurifier

如何使用 HTMLPurifier 过滤 xss 并允许 iframe Vimeo 和 Youtube 视频?

How can I use HTMLPurifier to filter xss but also to allow iframe Vimeo and Youtube video?

require_once 'htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Trusted', true); $config->set('Filter.YouTube', true); $config->set('HTML.DefinitionID', '1'); $config->set('HTML.SafeObject', 'true'); $config->set('Output.FlashCompat', 'true'); $config->set('HTML.FlashAllowFullScreen', 'true'); $purifier = new HTMLPurifier($config); $temp = $purifier->purify($temp);

推荐答案

HTMLPurifier 4.4.0 版具有允许 YouTube 和 Vimeo iframe 的新配置指令:

HTMLPurifier version 4.4.0 has new configuration directives to allow YouTube and Vimeo iframes:

//allow iframes from trusted sources $cfg->set('HTML.SafeIframe', true); $cfg->set('URI.SafeIframeRegexp', '%^(https?:)?//(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%'); //allow YouTube and Vimeo

http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe
http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp

相关文章