htmlpurifier icon indicating copy to clipboard operation
htmlpurifier copied to clipboard
verified publisher icon ezyang

oembed / CKeditor

Open jawwadkalia opened this issue 4 years ago • 10 comments

Anyone found a way to allow oembed tag that comes with CKeditor media embed option?

jawwadkalia avatar Sep 21 '21 15:09 jawwadkalia

I'm working through this right now, so I thought I'd share. Here's what's working for me (this is partial; there's a lot in our config that isn't relevant and I haven't actually tested this subset:

        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.TidyLevel', 'medium');

        /* You are probably already doing this, or something equivalent: */
	$config->set('HTML.AllowedElements', ['div' => true, 'iframe' => true]);
        $config->set('HTML.AllowedAttributes', [
                    'div.style'  => true,
                    'div.data-oembed-url'    => true,
                    'iframe.src'             => true,
                    'iframe.allowfullscreen' => true,
                    'iframe.tabindex'        => true,
                    'iframe.style'           => true,]);

         /* You also need this. */
         $def = $config->getHTMLDefinition(true);
         $def->addAttribute('div', 'data-oembed-url', 'URI');
         $def->addAttribute('div', 'style', 'Text');

         /* This is for the iframes you get if you pass omit_script=1. */
         $config->set('HTML.SafeIframe', TRUE);
         $config->set('URI.SafeIframeRegexp', '%^(https://cdn.iframe.ly/\S+)%');
         $def->addAttribute('iframe', 'allowfullscreen', 'Bool');
         $def->addAttribute('iframe', 'tabindex', 'Text');                                     
         $def->addAttribute('iframe', 'style', 'Text');

         $purifier = new HTMLPurifier($config);

I'm allowing iframes from cdn.iframe.ly as well as div with data-oembed-url because we've elected to configure our calls to iframely to give us the iframed version of the embed. You may not need that!

akf avatar Nov 18 '21 19:11 akf

I will try this one and see on my side

Thanks

jawwadkalia avatar Nov 18 '21 20:11 jawwadkalia

Hi is there a solution to this? No matter what configuration I try oembed is always stripped out meaning the embed Youtube feature of CKEditor is useless.

AdamMiltonBarker avatar Feb 07 '23 16:02 AdamMiltonBarker

@ezyang please could you respond to this?

AdamMiltonBarker avatar Feb 14 '23 19:02 AdamMiltonBarker

oembed sounds like some new attribute, which means you have to teach HTML Purifier about the attribute (or reinsert it out of band, which is how some of the filters work)

ezyang avatar Feb 15 '23 01:02 ezyang

oembed sounds like some new attribute, which means you have to teach HTML Purifier about the attribute (or reinsert it out of band, which is how some of the filters work)

How exactly do we solve this issue? It is obvious that everyone that has tried here has been unable to find out how to.

AdamMiltonBarker avatar Feb 15 '23 01:02 AdamMiltonBarker

well, as a start, can someone post what the ckeditor oembed html looks like here

ezyang avatar Feb 15 '23 01:02 ezyang

well, as a start, can someone post what the ckeditor oembed html looks like here

Yer sure give me 5 minutes I will get it for you.

AdamMiltonBarker avatar Feb 15 '23 01:02 AdamMiltonBarker

well, as a start, can someone post what the ckeditor oembed html looks like here

<figure class="media"><oembed url="https://www.youtube.com/watch?v=nxLvxo0-NXs&amp;t=9s"></oembed></figure>

AdamMiltonBarker avatar Feb 15 '23 01:02 AdamMiltonBarker

well, as a start, can someone post what the ckeditor oembed html looks like here

Hi, please do you have an update on this?

AdamMiltonBarker avatar Feb 21 '23 18:02 AdamMiltonBarker