From 616b25ed14557d18a6686bdab5c0db73513c982c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dufraisse?=
 <jeremy.dufraisse-info@orange.fr>
Date: Wed, 15 Feb 2023 17:01:03 +0100
Subject: [PATCH] feat(HTMLPurifer): first step try to allow iframe

---
 includes/services/HtmlPurifierService.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/includes/services/HtmlPurifierService.php b/includes/services/HtmlPurifierService.php
index 2d5e1dba4..97da4bcd6 100644
--- a/includes/services/HtmlPurifierService.php
+++ b/includes/services/HtmlPurifierService.php
@@ -50,6 +50,10 @@ public function cleanHTML(string $dirty_html): string
                 '_top',
             ]);
 
+            // allow iframe
+            $config->set('HTML.SafeIframe', true);
+            $config->set('HTML.SafeIframeRegexp', '%^https?://.*%');
+
             // set the cache folder
             // doc : http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath
             if (!is_dir(self::HTMLPURIFIER_CACHE_FOLDER)) {
@@ -57,6 +61,9 @@ public function cleanHTML(string $dirty_html): string
             }
             $config->set('Cache.SerializerPath', realpath(self::HTMLPURIFIER_CACHE_FOLDER));
 
+            $def = $config->getHTMLDefinition(true);
+            $def->addAttribute('iframe', 'allowfullscreen', 'Bool');
+
             $this->purifier = new HTMLPurifier($config);
         }