oembed / CKeditor

[jawwadkalia]

Anyone found a way to allow oembed tag that comes with CKeditor media embed option?

[akf]

I'm working through this right now, so I thought I'd share. Here's what's working for me (this is partial; there's a lot in our config that isn't relevant and I haven't actually tested this subset:

        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.TidyLevel', 'medium');

        /* You are probably already doing this, or something equivalent: */
	$config->set('HTML.AllowedElements', ['div' => true, 'iframe' => true]);
        $config->set('HTML.AllowedAttributes', [
                    'div.style'  => true,
                    'div.data-oembed-url'    => true,
                    'iframe.src'             => true,
                    'iframe.allowfullscreen' => true,
                    'iframe.tabindex'        => true,
                    'iframe.style'           => true,]);

         /* You also need this. */
         $def = $config->getHTMLDefinition(true);
         $def->addAttribute('div', 'data-oembed-url', 'URI');
         $def->addAttribute('div', 'style', 'Text');

         /* This is for the iframes you get if you pass omit_script=1. */
         $config->set('HTML.SafeIframe', TRUE);
         $config->set('URI.SafeIframeRegexp', '%^(https://cdn.iframe.ly/\S+)%');
         $def->addAttribute('iframe', 'allowfullscreen', 'Bool');
         $def->addAttribute('iframe', 'tabindex', 'Text');                                     
         $def->addAttribute('iframe', 'style', 'Text');

         $purifier = new HTMLPurifier($config);

I'm allowing iframes from cdn.iframe.ly as well as div with data-oembed-url because we've elected to configure our calls to iframely to give us the iframed version of the embed. You may not need that!

[jawwadkalia]

I will try this one and see on my side

Thanks

[AdamMiltonBarker]

Hi is there a solution to this? No matter what configuration I try oembed is always stripped out meaning the embed Youtube feature of CKEditor is useless.

[AdamMiltonBarker]

@ezyang please could you respond to this?

[ezyang]

oembed sounds like some new attribute, which means you have to teach HTML Purifier about the attribute (or reinsert it out of band, which is how some of the filters work)

[AdamMiltonBarker]

oembed sounds like some new attribute, which means you have to teach HTML Purifier about the attribute (or reinsert it out of band, which is how some of the filters work)

How exactly do we solve this issue? It is obvious that everyone that has tried here has been unable to find out how to.

[ezyang]

well, as a start, can someone post what the ckeditor oembed html looks like here

[AdamMiltonBarker]

well, as a start, can someone post what the ckeditor oembed html looks like here

Yer sure give me 5 minutes I will get it for you.

[AdamMiltonBarker]

well, as a start, can someone post what the ckeditor oembed html looks like here

<figure class="media"><oembed url="https://www.youtube.com/watch?v=nxLvxo0-NXs&amp;t=9s"></oembed></figure>

[AdamMiltonBarker]

well, as a start, can someone post what the ckeditor oembed html looks like here

Hi, please do you have an update on this?