I need to allow HTML5 tags and attributes. I need to allow iframes from trusted sources for embedding video, audio and 3D-models.
There’s pretty good HTMLPurifier extension for HTML5 at GitHub. There’re many examples for allowing iframes, just a basic example here
But how to extend/inject Omeka’s definitions? It’s not enough to add allowed HTML elements and attributes under Settings > Security, it requires custom code.
I cannot override the definitions on-fly, because Omeka_Controller_Plugin_HtmlPurifier has built-in methods that run first and then fires hook, that doesn’t support priority argument unlike filter.
I found 2 possible ways, but both will touch the core…
Omeka_Filter_HtmlPurifier could add filter inside createHtmlPurifier() method:
$purifierConfig = apply_filters('html_purifier_config_setup', $purifierConfig);
Or eventually Omeka_Controller_Plugin_HtmlPurifier inside preDispatch() method:
$purifier = apply_filters('html_purifier_setup', $purifier, ['request' => $request]);
What’s the best way to do it? Or any other solutions?
UPDATE: There’s another catch that makes it harder to implement. As soon as I read/get config or definitions, the HTMLPurifier_Config object gets automatically finalized, so it’s impossible to write/set any new values to it. Only the first plugin would be allowed to do something. The only way would be calling HTMLPurifier_Config::inherit($currentConfig) to get fresh copy to work on…