Question 224924 in Laravel Question posted in
The official Laravel Documentation can be found here.

Laravel – Why Element 'iframe' is not supported for youtube links with mews/purifier?

In laravel 8 app with mews/purifier: 3.4,
I need to show youtube video(defined using <iframe …)

As youtube iframe block is cleared by Purifier::clean( method I found branch
Laravel Package Purifer not work with iframe

and tried to modify my config/purifier.php file like:

'settings' => [
    'default' => [
        'HTML.Doctype' => 'HTML 4.01 Transitional',
         // I added this iframe rule
        'HTML.Allowed' => 'iframe[src|width|height|class|frameborder],h1,h2,h3,div,blockquote,table,tbody,tr,td,figure,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
        'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
        'AutoFormat.AutoParagraph' => false,
        'AutoFormat.RemoveEmpty' => true,
    ],
    'test' => [
        'Attr.EnableID' => 'true',
    ],
    'youtube' => [
        "HTML.SafeIframe" => 'true',
        "Filter.YouTube" => 'true',
        // I suppose this rule means all iframes are allowed
        "URI.SafeIframeRegexp" => '%.+%',
    ],

But I got error :

Element 'iframe' is not supported (for information on implementing this, see the support forums)
(View: /mnt/_work_sdb8/wwwroot/lar/HRBrazy/affiliate/resources/views/news/show.blade.php)

How that can be fixed ?

Tags:

2

Answers


  1. 0

    The configuration looks right for HTML Purifier. This script does what it should:

    // requiring HTMLPurifier.auto.php up here somewhere, no other code up here but that.

$dirtyHtml = '
<iframe width="560" height="315" src="https://www.youtube.com/embed/ydYDqZQpim8" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
';

$knobs = [
  'AutoFormat.AutoParagraph' => false,
  'AutoFormat.RemoveEmpty' => true,
  'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
  'Filter.YouTube' => 'true',
  'HTML.Allowed' => 'iframe[src|width|height|class|frameborder],h1,h2,h3,div,blockquote,table,tbody,tr,td,figure,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
  'HTML.Doctype' => 'HTML 4.01 Transitional',
  'HTML.SafeIframe' => 'true',
  'URI.SafeIframeRegexp' => '%.+%',
];

$config = HTMLPurifier_Config::createDefault();
foreach ($knobs as $setting => $value) {
  $config->set($setting, $value);
}
$purifier = new HTMLPurifier($config);

$cleanHtml = $purifier->purify($dirtyHtml);

echo $cleanHtml . PHP_EOL;

    This gives me:

    <iframe width="560" height="315" src="https://www.youtube.com/embed/ydYDqZQpim8" frameborder="0"></iframe>

    If I comment out the lines that are in your 'youtube' configuration block, however, like so:

    // ...
$knobs = [
  'AutoFormat.AutoParagraph' => false,
  'AutoFormat.RemoveEmpty' => true,
  'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
  // 'Filter.YouTube' => 'true',
  'HTML.Allowed' => 'iframe[src|width|height|class|frameborder],h1,h2,h3,div,blockquote,table,tbody,tr,td,figure,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
  'HTML.Doctype' => 'HTML 4.01 Transitional',
  // 'HTML.SafeIframe' => 'true',
  // 'URI.SafeIframeRegexp' => '%.+%',
];
// ...

    …then I get your error:

    PHP Warning:  Element 'iframe' is not supported (for information on implementing this, see the support forums)  in /<...>/HTMLDefinition.php on line 311
PHP Stack trace:
<...>

    Unfortunately, I don’t know anything about the Laravel integration here, and how you choose which configuration is active, but if you make sure that the 'youtube' and 'default' blocks are actually being combined and used, that should solve your problem.

    Login or Signup to reply.
  2. 0

    Just add ‘youtube’ at last as config, it works for me in laravel 10:
    clean($request->body, 'youtube');

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search