Search code examples

Yii1 - HtmlPurifier removes allowfullscreen attribute

I am using below configuration to clean the input from user in my Yii project using its inbuilt support for HtmlPurifier

        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        "HTML.SafeEmbed" => true,
        'HTML.TargetBlank' => true,
        "HTML.SafeIframe" => true,
        "Filter.YouTube" => true,
        'URI.SafeIframeRegexp' => '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'


<iframe width="560" height="315" src="" frameborder="0" allowfullscreen></iframe>

Above Url when saved after purifying gets converted to below iframe code

<iframe width="560" height="315" src="" frameborder="0"></iframe>

How can we allow allowfullscreen attribute as safe ? Does any change in regex will solve this or need to apply a custom solution ?


  • There is already a useful link which will solve the answer.....We need to implement a custom class to allow the "allowfullscreen" attribute. This will add this attribute on purified iframe code.

    Reference Answered by Sonny HTMLPurifier iframe Vimeo and Youtube video


    1) Include the class from above url .

    2) Set Filter.custom exactly in way shown in above url.

    Setting Html Purifier options can be in different in frameworks.