Allow embed/object/param HTML tags with HTMLPurifier?

Question

Is it possible to allow embed, object, and param HTML tags with HTMLPurifier? I'm trying to allow YouTube, Vimeo, etc. videos to be embedded, but they're always stripped, no matter what I try. I do understand that these are risky tags to allow.

If it's not possible, what other HTML filtering options do I have with PHP? It doesn't seem that Tidy is designed for filtering... is it? And strip_tags() doesn't give me the level of control — such as only allowing certain attributes — that I'm looking for.

Thanks for your help!

Answer 1

The best solution you have is http://htmlpurifier.org/docs/enduser-youtube.html

Answer 2

For newer versions (4.1+) Filter.YouTube is deprecated. So instead you should use HTML.SafeObject & Output.FlashCompat

$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('HTML.Allowed', 'object[width|height|data],param[name|value],embed[src|type|allowscriptaccess|allowfullscreen|width|height]');

but htmlpurifier still have some problems with proper interpretation of youtube & etc. they work on it at: http://htmlpurifier.org/phorum/read.php?5,2239,page=3 so probably in future months it should be finally done.