htmlpurifier icon indicating copy to clipboard operation
htmlpurifier copied to clipboard

Published 20 hours ago verified publisher icon ezyang

html5 <video> tag support

Open chemel opened this issue 8 years ago • 10 comments

htmlpurifier remove the video tag, could you allow this tag?

Maybe you can draw inspiration from this piece of code: https://github.com/kennberg/php-htmlpurfier-html5/blob/master/htmlpurifier_html5.php#L59

Related issue: https://github.com/Exercise/HTMLPurifierBundle/issues/34

Thanks for this geat lib.

chemel avatar Dec 10 '16 12:12 chemel

Yes, in principle we should accept this tag, but we'll need to carefully audit it for XSS possibilities. People who want to live dangerously can perhaps just add video manually for now.

ezyang avatar Mar 08 '17 01:03 ezyang

how to add video manually?? i use in Yii2

Global90 avatar May 01 '17 12:05 Global90

We just try to allow video-tags in limesurvey using htmlpurifier to prevent XSS-attacks. So the question above is highly responsible for us. Is there an answer to "how to add video manually"?

jackewitz avatar Jun 28 '17 13:06 jackewitz

For a hacky but probably will work solution, look at http://htmlpurifier.org/docs/enduser-youtube.html

If you want to support it as a proper tag, look at http://htmlpurifier.org/docs/enduser-customize.html

ezyang avatar Jul 06 '17 02:07 ezyang

Thanks for your reply. Unfortunately: LimeSurvey use an array to configure htmlpurifier. Is it possible to add video tag via the configuration array (not via the configuration object)?

We tried it with

  • HTML.Allowed
  • HTML.AllowedElements and HTML.AllowedAttributes

but nothing works.

jackewitz avatar Jul 06 '17 08:07 jackewitz

I just follow the enduser-customize.html and use bellow code, video tag works as expected! Maybe need to improve the some parameter. hope it helps.

$def = $htmlPurifierConfig->getHTMLDefinition(true);
$def->addElement(   // add video tag
    'video',   // name
    'Block',  // content set
    'Flow', // allowed children
    'Common', // attribute collection
    array( // attributes
        'src' => 'URI',
        'width' => 'Length',
        'height' => 'Length',
        'style' => 'CDATA'
    )
);

$purifier = new HTMLPurifier($htmlPurifierConfig);

lj3lj3 avatar May 22 '18 10:05 lj3lj3

https://github.com/xemlock/htmlpurifier-html5 adds HTML5 definitions to this lib

mattford avatar Jun 07 '18 14:06 mattford

Is there still any hope to implement this feature request soon? I haven't the proper experience to contribute the code but I found it a vital thing in 2022 I faced a problem with it in this post

mbnoimi avatar Jul 29 '22 22:07 mbnoimi

@mbnoimi it's implemented in https://github.com/xemlock/htmlpurifier-html5

bytestream avatar Jul 29 '22 23:07 bytestream

@mbnoimi it's implemented in https://github.com/xemlock/htmlpurifier-html5

Sorry for my mistake. I didn't notice that this repository doesn't belong to NextCloud (I came from this discussion)

mbnoimi avatar Jul 30 '22 08:07 mbnoimi