html5 <video> tag support

ezyang / htmlpurifier

Standards compliant HTML filter written in PHP

http://htmlpurifier.org

GNU Lesser General Public License v2.1

3.1k stars 332 forks source link

html5 <video> tag support #106

Open chemel opened 7 years ago

chemel commented 7 years ago

htmlpurifier remove the video tag, could you allow this tag?

Maybe you can draw inspiration from this piece of code: https://github.com/kennberg/php-htmlpurfier-html5/blob/master/htmlpurifier_html5.php#L59

Thanks for this geat lib.

ezyang commented 7 years ago

Yes, in principle we should accept this tag, but we'll need to carefully audit it for XSS possibilities. People who want to live dangerously can perhaps just add video manually for now.

Global90 commented 7 years ago

how to add video manually?? i use in Yii2

jackewitz commented 7 years ago

We just try to allow video-tags in limesurvey using htmlpurifier to prevent XSS-attacks. So the question above is highly responsible for us. Is there an answer to "how to add video manually"?

ezyang commented 7 years ago

For a hacky but probably will work solution, look at http://htmlpurifier.org/docs/enduser-youtube.html

If you want to support it as a proper tag, look at http://htmlpurifier.org/docs/enduser-customize.html

jackewitz commented 7 years ago

Thanks for your reply. Unfortunately: LimeSurvey use an array to configure htmlpurifier. Is it possible to add video tag via the configuration array (not via the configuration object)?

We tried it with

HTML.Allowed
HTML.AllowedElements and HTML.AllowedAttributes

but nothing works.

lj3lj3 commented 6 years ago

I just follow the enduser-customize.html and use bellow code, video tag works as expected! Maybe need to improve the some parameter. hope it helps.

$def = $htmlPurifierConfig->getHTMLDefinition(true);
$def->addElement(   // add video tag
    'video',   // name
    'Block',  // content set
    'Flow', // allowed children
    'Common', // attribute collection
    array( // attributes
        'src' => 'URI',
        'width' => 'Length',
        'height' => 'Length',
        'style' => 'CDATA'
    )
);

$purifier = new HTMLPurifier($htmlPurifierConfig);

mattford commented 6 years ago

https://github.com/xemlock/htmlpurifier-html5 adds HTML5 definitions to this lib

mbnoimi commented 2 years ago

Is there still any hope to implement this feature request soon? I haven't the proper experience to contribute the code but I found it a vital thing in 2022 I faced a problem with it in this post

bytestream commented 2 years ago

@mbnoimi it's implemented in https://github.com/xemlock/htmlpurifier-html5

mbnoimi commented 2 years ago

@mbnoimi it's implemented in https://github.com/xemlock/htmlpurifier-html5

Sorry for my mistake. I didn't notice that this repository doesn't belong to NextCloud (I came from this discussion)