So according to this thread, HTMLpurifier does not support HTML5.
One of the reasons why we're having so much trouble with YouTube iframes. Although our latest tweaks have got the basics loading up, the attributes "allow" and "allowfullscreen" are still stripped.
We all use HTML5 now right?
There is this
Perhaps it's looking at using it?
I've pushed a change to the develop branch to allow you to pass in your own config class in the purifier.php config. By default it uses what comes with Purifier. This was the easiest way to allow that kind of customization without requiring composer with FUEL (currently it's not needed anywhere else).
Composer isn't required though.
We can use https://php-download.com to compile xemlock/htmlpurifier-html5 and dump the resulting "vendor" directory into ./application/vendor.
require_once(APPPATH.'vendor/autoload.php'); into the top of ./config/purifier.php and select the new
No doubt that could be moved under ./modules/fuel to make it a permanent fixture?
MY_html_helper.php needs more sophisticated code to handle loading the config class though. I did this to get mine running:
'HTML.Doctype' => 'HTML5' in the config
Having dug into htmlpurifier-html5 a bit more, it looks like it's a bolt-on for htmlpurifier rather than a replacement - basically adding the html5 doctype. I think I prefer the config I implemented above since it allows the developer to edit the supporting files to include tag attributes that aren't currently supported (<iframe allow="foo" for example).
I'm thinking to fix we create the htmlpurifier-html5 autoload with php-download and place it in the fuel/modules/fuel/libraries folder as HTML5Purifier and then in the MY_html_helper file we change line 181 to
purifier.php config like so:
Sounds like that would work. We could tidy up the config a bit too since I don't think the "comment" and "youtube" sections are used unless you manually assign one of them when you create the purifier object.
I've pushed an update for that in the deb branch. I left the comment and youtube configs just in case someone wants to use them with the html_purify() function (outside of saving to the database).
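For the stripped "allow" and "allowfullscreen" attributes discussed in this thread, here is an added example (not code from the thread or from FUEL) of a stock HTML Purifier config that keeps them while restricting iframes to YouTube embeds. It assumes HTML Purifier is loadable through the autoloader path shown; the definition ID, function name and sample markup are made up for illustration.

```php
<?php
// Assumption: stock HTML Purifier is installed and reachable through this autoloader.
require_once __DIR__ . '/vendor/autoload.php';

function build_youtube_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Permit <iframe>, but keep its src only when it matches the regexp below.
    $config->set('HTML.SafeIframe', true);
    $config->set(
        'URI.SafeIframeRegexp',
        '%^https://www\.youtube(?:-nocookie)?\.com/embed/[A-Za-z0-9_-]{11}$%'
    );

    // A customised definition needs an ID; bump the revision when the rules change.
    $config->set('HTML.DefinitionID', 'example-youtube-iframe'); // hypothetical name
    $config->set('HTML.DefinitionRev', 1);
    $config->set('Cache.DefinitionImpl', null); // no definition cache, for this demo only

    if ($def = $config->maybeGetRawHTMLDefinition()) {
        // Boolean attribute: any supplied value is normalised to the attribute name.
        $def->addAttribute('iframe', 'allowfullscreen', 'Bool#allowfullscreen');
        // "allow" delegates browser features to the embedded origin, so accept
        // only fixed, reviewed values rather than free text.
        $def->addAttribute('iframe', 'allow', new HTMLPurifier_AttrDef_Enum(array(
            'autoplay; encrypted-media; picture-in-picture',
        )));
    }

    return new HTMLPurifier($config);
}

// Constructed sample input: one permitted embed, one off-list src,
// one "allow" value that is not on the list.
$samples = array(
    '<iframe src="https://www.youtube.com/embed/AAAAAAAAAAA" allowfullscreen'
        . ' allow="autoplay; encrypted-media; picture-in-picture"></iframe>',
    '<iframe src="https://example.com/embed/AAAAAAAAAAA" allowfullscreen></iframe>',
    '<iframe src="https://www.youtube.com/embed/AAAAAAAAAAA" allow="camera; microphone"></iframe>',
);

$purifier = build_youtube_purifier();
foreach ($samples as $html) {
    echo $purifier->purify($html), "\n";
}
```

Comparing each output line with its input shows which src and allow values survive; in production, point Cache.SerializerPath at a writable directory instead of disabling the definition cache.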