diff --git a/CHANGELOG.md b/CHANGELOG.md index eb1c92cb8cf..6e5146d7283 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## Unreleased +- HTML Purifier now allows `oembed` tags. ([ckeditor#59](https://github.com/craftcms/ckeditor/issues/59)) +- Added `craft\htmlpurifier\VideoEmbedUrlDef`. - Fixed a bug where entries that aren’t propagated to the primary site weren’t showing revision notes. ([#12641](https://github.com/craftcms/cms/issues/12641)) - Fixed a bug where HTML tags weren’t getting stripped from auto-generated Handle and URI Format setting values. - Fixed a JavaScript error that could occur if an object with `null `values was passed to `Craft.compare()`. diff --git a/src/helpers/HtmlPurifier.php b/src/helpers/HtmlPurifier.php index aec5dcfa5e2..436072f2f66 100644 --- a/src/helpers/HtmlPurifier.php +++ b/src/helpers/HtmlPurifier.php @@ -7,6 +7,7 @@ namespace craft\helpers; +use craft\htmlpurifier\VideoEmbedUrlDef; use HTMLPurifier_Config; /** @@ -71,6 +72,9 @@ public static function configure($config) // https://github.com/ezyang/htmlpurifier/issues/152#issuecomment-414192516 $def->addAttribute('a', 'download', 'URI'); + + $def->addElement('oembed', 'Block', 'Inline', 'Common'); + $def->addAttribute('oembed', 'url', new VideoEmbedUrlDef()); } } } diff --git a/src/htmlpurifier/VideoEmbedUrlDef.php b/src/htmlpurifier/VideoEmbedUrlDef.php new file mode 100644 index 00000000000..2a8fb4ff8f9 --- /dev/null +++ b/src/htmlpurifier/VideoEmbedUrlDef.php @@ -0,0 +1,31 @@ + + * @since 3.7.66 + */ +class VideoEmbedUrlDef extends HTMLPurifier_AttrDef_URI +{ + public function validate($uri, $config, $context) + { + $regexp = $config->get('URI.SafeIframeRegexp'); + if ($regexp !== null) { + if (!preg_match($regexp, $uri)) { + return false; + } + } + + return parent::validate($uri, $config, $context); + } +}
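Review bot: The two lines added to `configure()` in src/helpers/HtmlPurifier.php carry no comment, unlike the `download` attribute just above them, which links its rationale. I would add `// Allow CKEditor media embeds (<oembed url="…">); the url is restricted by VideoEmbedUrlDef via URI.SafeIframeRegexp` above `addElement`. The `'Inline'` content model and `'Common'` attribute collection also admit child markup and attributes such as `class` and `title` on an element that, judging by the linked issue, only needs `url`, so it is worth confirming that breadth is intended. `configure()` starts outside this hunk.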
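Review bot: `VideoEmbedUrlDef::validate()` skips the allowlist entirely when `URI.SafeIframeRegexp` is null, so with no regexp configured every URI the base class accepts is kept on `oembed`. HTML Purifier's own SafeIframe URI filter rejects in that situation, and a front end will presumably turn this `url` into an embedded frame, so failing closed looks like the safer default; if accepting any host is intended, a comment should say so. The pattern is also matched against the raw `$uri` before the parent normalises it, so the value checked is not necessarily the value emitted. The sketch below validates first and then applies the allowlist to the normalised result. A docblock naming the config key this class depends on would help as well.

```php
public function validate($uri, $config, $context)
{
    // Normalise first so the allowlist sees the value that will be emitted.
    $validated = parent::validate($uri, $config, $context);
    if ($validated === false) {
        return false;
    }

    // No allowlist configured: reject rather than accept every host.
    $regexp = $config->get('URI.SafeIframeRegexp');
    if ($regexp === null || !preg_match($regexp, $validated)) {
        return false;
    }

    return $validated;
}
```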