我正在使用带有此配置的HTMLPurifier:
case 'comment':
$config = HTMLPurifier_Config::createDefault();
config->set('Core.Encoding', 'utf-8');
$config->set('HTML.Allowed', 'iframe[src|width|height|frameborder|allowfullscreen],p[style],p,br,hr,center,em,u,ul,li,font,ol,div[class|style],span[style],blockquote,strike,b,strong, img[src|alt|class|height|width],a[href|rel],object[width|height|data], param[name|value],embed[src|type|allowfullscreen|width|height]');
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^//(www.youtube.com/embed/|player.vimeo.com/video/)%');
$config->set('Cache.DefinitionImpl', null); // TODO: remove this later!
break;
嵌入YouTube视频时会删除allowfullscreen属性。 为什么呢?
答案 0 :(得分:0)
原因是此刻SafeIframe不支持该属性。您可以使用http://htmlpurifier.org/docs/enduser-customize.html
自行编程