views:

372

answers:

2

Is it possible to allow embed, object, and param HTML tags with HTMLPurifier? I'm trying to allow YouTube, Vimeo, etc. videos to be embedded, but they're always stripped, no matter what I try. I do understand that these are risky tags to allow.

If it's not possible, what other HTML filtering options do I have with PHP? It doesn't seem that Tidy is designed for filtering... is it? And strip_tags() doesn't give me the level of control — such as only allowing certain attributes — that I'm looking for.

Thanks for your help!

+1  A: 

The best solution you have is http://htmlpurifier.org/docs/enduser-youtube.html

Edward Z. Yang
+1  A: 

For newer versions (4.1+) Filter.YouTube is deprecated. So instead you should use HTML.SafeObject & Output.FlashCompat

$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('HTML.Allowed', 'object[width|height|data],param[name|value],embed[src|type|allowscriptaccess|allowfullscreen|width|height]');

but htmlpurifier still have some problems with proper interpretation of youtube & etc. they work on it at: http://htmlpurifier.org/phorum/read.php?5,2239,page=3 so probably in future months it should be finally done.

Dobiatowski