{"id":21177462,"url":"https://github.com/betsol/htmlpurifier","last_synced_at":"2025-03-14T18:29:09.753Z","repository":{"id":6000062,"uuid":"7222948","full_name":"betsol/htmlpurifier","owner":"betsol","description":"Add-ons for HTMLPurifier library","archived":false,"fork":false,"pushed_at":"2014-04-13T22:09:31.000Z","size":156,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-21T11:44:43.071Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/betsol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-12-18T12:30:15.000Z","updated_at":"2020-07-21T03:14:17.000Z","dependencies_parsed_at":"2022-09-12T09:41:27.854Z","dependency_job_id":null,"html_url":"https://github.com/betsol/htmlpurifier","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/betsol%2Fhtmlpurifier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/betsol%2Fhtmlpurifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/betsol%2Fhtmlpurifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/betsol%2Fhtmlpurifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/betsol","download_url":"https://codeload.github.com/betsol/htmlpurifier/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243624772,"owners_count":20321161,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T17:16:11.295Z","updated_at":"2025-03-14T18:29:09.732Z","avatar_url":"https://github.com/betsol.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HTMLPurifier Add-ons\n\nAddons for [HTMLPurifier](http://htmlpurifier.org/ \"HTML Purifier - Filter your HTML the standards-compliant way!\") library.\n\n# Filters\n\n## Iframe\n\nFlexible content filter for granular control over iframes embedding.\n\n[Discussion for Iframe plugin is here](http://htmlpurifier.org/phorum/read.php?2,6715).\n\n### With this plugin you can:\n\n1. Control which iframe tags will be preserved and which would be dropped.\n2. Control what attributes are allowed for iframe tags.\n\n### Plugin will decide to preserve or to drop iframe tag using following steps:\n\n1. If iframe tag's src-attribute points to a URI which domain name is specified inside **allowed_domains** directive, then it should be preserved.\n\n2. Plugin makes callback to a user function specified via **callback.is_uri_allowed** directive to decide whether to **PRESERVE** this iframe (function receives URI attribute).\n\n3. Plugin makes callback to a user function specified via **callback.is_uri_denied** directive to decide whether to **DROP** this iframe (function receives URI attribute).\n\nIf steps 1-2 generates at least one **ALLOW** signal and step 3 doesn't generate **DENY** signal, then iframe tag will be preserved. In any other case it will be dropped.\n\nThis filtering scheme mimics classic *ALLOW-DENY-ORDER* firewall.\n\n### Best practices:\n\n- Use allowed domains to allow entire domain names (subdomains must be specified explicitly). Also see **uri.skip_www** directive.\n- Use **ALLOW** callback function to allow more specific URI's.\n- Finally use **DENY** callback function to deny some exceptional URI's.\n\nUsing this three schemes together you can achieve very granular and flexible filtering. But don't forget to heavily test your filtering stack before using it in production!\n\nSee **$default_options** static property for options documentation.\n\n### Usage example:\n\n```php\n// Some content with \u003ciframe\u003e tags.\n$content = '...';\n\n/** @var HTMLPurifier_Config $purifierConfig */\n$purifierConfig = HTMLPurifier_Config::createDefault();\n\n// Setting filters.\n$iframeFilter = new HTMLPurifier_Filter_Betsol_Iframe(array(\n    // Initially allowing everything from the YouTube's domain.\n    'allowed_domains' =\u003e array(\n        'youtube.com',\n    ),\n    \n    // Allowing only specific URI's for SoundCloud and DailyMotion.\n    'callback.is_uri_allowed' =\u003e function($uri) {\n        if (\n               preg_match('@^https://w\\.soundcloud\\.com/player/@i',     $uri)\n            || preg_match('@^http://(www\\.)?dailymotion\\.com/embed/@i', $uri)\n        ) {\n            return true;\n        }\n    },\n    \n    // And finally blocking a single video from the YouTube.\n    'callback.is_uri_denied' =\u003e function($uri) {\n        if (\n           preg_match('@^http://(www\\.)?youtube\\.com/watch\\?(.*?)\u0026?v=IytNBm8WA1c@i', $uri)\n        ) {\n            return true;\n        }\n    },\n));\n\n$purifierConfig-\u003eset('Filter.Custom', array(\n    $iframeFilter,\n));\n\n$purifier = new HTMLPurifier($purifierConfig);\n\nreturn $purifier-\u003epurify($content);\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbetsol%2Fhtmlpurifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbetsol%2Fhtmlpurifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbetsol%2Fhtmlpurifier/lists"}