如何使用 HTMLPurifier 来过滤 xss,同时允许 iframe Vimeo 和 Youtube 视频?
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);
$config->set('Filter.YouTube', true);
$config->set('HTML.DefinitionID', '1');
$config->set('HTML.SafeObject', 'true');
$config->set('Output.FlashCompat', 'true');
$config->set('HTML.FlashAllowFullScreen', 'true');
$purifier = new HTMLPurifier($config);
$temp = $purifier->purify($temp);
最佳答案
HTMLPurifier 4.4.0 版具有新的配置指令以允许 YouTube 和 Vimeo iframes:
//allow iframes from trusted sources
$cfg->set('HTML.SafeIframe', true);
$cfg->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
关于php - HTMLPurifier iframe Vimeo 和 Youtube 视频,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4739284/