I need to allow HTML5 tags and attributes. I need to allow iframes from trusted sources for embedding video, audio and 3D-models.
There’s pretty good HTMLPurifier extension for HTML5 at GitHub. There’re many examples for allowing iframes, just a basic example here
But how to extend/inject Omeka’s definitions? It’s not enough to add allowed HTML elements and attributes under Settings > Security, it requires custom code.
I cannot override the definitions on-fly, because Omeka_Controller_Plugin_HtmlPurifier
has built-in methods that run first and then fires hook, that doesn’t support priority argument unlike filter.
I found 2 possible ways, but both will touch the core…
Omeka_Filter_HtmlPurifier
could add filter inside createHtmlPurifier()
method:
$purifierConfig = apply_filters('html_purifier_config_setup', $purifierConfig);
Or eventually Omeka_Controller_Plugin_HtmlPurifier
inside preDispatch()
method:
$purifier = apply_filters('html_purifier_setup', $purifier, ['request' => $request]);
What’s the best way to do it? Or any other solutions?
UPDATE: There’s another catch that makes it harder to implement. As soon as I read/get config or definitions, the HTMLPurifier_Config
object gets automatically finalized, so it’s impossible to write/set any new values to it. Only the first plugin would be allowed to do something. The only way would be calling HTMLPurifier_Config::inherit($currentConfig)
to get fresh copy to work on…