Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Video Embeds Stripped Out Regardless of HTML Purifier Config #59

Closed
itsmattsoria opened this issue Feb 8, 2023 · 5 comments
Closed

Video Embeds Stripped Out Regardless of HTML Purifier Config #59

itsmattsoria opened this issue Feb 8, 2023 · 5 comments
Assignees
@i-just
Labels
bug

Comments

@itsmattsoria
Copy link

Description

The Default.json config for HTML Purifier that is included on installation has the following lines, which should prevent YouTube and Vimeo video embeds from being stripped out of a CKEditor field on save, but embeds from either platform are still being stripped out.

  "HTML.SafeIframe": true,
  "URI.SafeIframeRegexp": "%^(https?:)?//(www.youtube.com/embed/|player.vimeo.com/video/)%"

I wasn't totally sure if this issue belongs here, or in the Craft starter, or with HTML Purifier itself, but for reference, I tested this with Redactor, and it wasn't an issue there, the embeds remained after save.

Steps to reproduce

  1. Do a fresh Craft install using the Quick Start Guide
  2. Install the latest version of CKEditor with ddev composer require craftcms/ckeditor -w && ddev exec php craft plugin/install ckeditor
  3. Keep the default installation settings, which at the time of writing includes https://cdn.ckeditor.com/ckeditor5/32.0.0/classic/ckeditor.js as the CKEditor Build URL.
  4. Create a CKEditor field and add it to a section for use (you'll need to create a new section if starting fresh). Keep the default settings, which leaves "Purify HTML" as checked, and uses the Default config.
  5. Go to the entry where the field was added, and paste in a YouTube or Vimeo URL ( I recommend this one). The editor should automatically take that and produce the iframe code that displays it as an embed within the editor.
  6. Hit "save" on the entry and see your empty field where the embed should remain.

Additional info

  • Craft version: 4.3.8.1 Solo
  • PHP version: 8.0.24
  • Database driver & version: MySQL 10.4.26
  • Plugins & versions: Just CKEditor 2.2.0
@i-just i-just self-assigned this Feb 9, 2023
@i-just
Copy link
Contributor

i-just commented Feb 9, 2023

Hi, thanks for reaching out. This seems to be related to: ezyang/htmlpurifier#302. CKEditor 5 uses oembed to add media (CKEditor 4 used iframe, which is why it worked there). We’ll talk about options internally, and I’ll let you know once we’ve done so.

@itsmattsoria
Copy link
Author

@i-just Ahh, yep. Dang. Well thank you for that update, I appreciate it!

This was referenced Feb 14, 2023
Merged
Merged
@brandonkelly
Copy link
Member

Craft 3.7.66 and 4.3.9 are out with an update to the HTML Purifier config to allow oembed tags (via craftcms/cms#12675). There’s also a new Embedding Videos/Media in CKEditor 5 section in the plugin readme.

@FrDH
Copy link

FrDH commented Sep 21, 2023

We're on Craft 4.5.5 but YouTube video's are always stripped out when using HTML purifier, regardless of what config is used.

@kevinmu17
Copy link

kevinmu17 commented Oct 25, 2023
edited
Loading

4.5.9 also not working unless uncheck the Purify HTML option in the field.

  "HTML.SafeIframe": true,
  "URI.SafeIframeRegexp": "%^(https?:)?//(www\\.youtube\\.com/embed/|www\\.youtube\\.com/watch\\?v=.+|youtu\\.be/.+|www\\.youtube(?:-nocookie)?\\.com/embed/|player\\.vimeo\\.com/video/)%"

Add this to your htmlpurifier json config @FrDH and try again

@corneliusio corneliusio mentioned this issue Jul 10, 2024
Closed
@i-just i-just mentioned this issue Aug 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@i-just i-just

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@brandonkelly @FrDH @itsmattsoria @i-just @kevinmu17