You are not logged in. Please login or register.
PHP Labware forum → htmLawed → Flash in htmLawed / clsid in classid
Hello...
shortly again... can you give me a Hint, how to modify the htmLAWED for using the Class-Id für Flash-Video's ?
It gets a denied: after the " for each time, I save the Profile...
Looks classid="denied:denied:denied:clsid:D2 after 3 save.
I read the Manual, an also looked the Forum here, but I don't understand how to White-List the clsid.
I'm not sure, where to place a mod in the PHP-File.
Thanks in Advance
Tom
htmLawed, by default and as of current build, does not permit the scheme/protocol 'clsid' of the 'classid' attribute. If the 'object' element/tag is being let through but not the 'classid' attribute value, all you have to do is allow the 'clsid' scheme for 'classid' by changing the $config parameter 'schemes'. E.g.,
// Configure htmLawed
$config=array('schemes'=>'classid:clsid; href: aim, feed, file, http...', ...);
// Run htmLawed on input
$out = htmLawed($in, $config...);$config is set in the code that calls htmLawed. htmLawed itself does not need to be modified.
Also see this post.
OK, thanks a lot...
Now I understand... my fault was, to search the Config in htmLAWED...
Just another short question... what do I have to put in the Config for keeping the "&" for the URL's ?
Best Regards
Tom
Okay, I tried it, and IE worked fine, but now a Part of my Embed was kicked.
Here's the Config I use:
$config_filter = array(
'comments'=>0,
'cdata'=>0,
'safe'=>0,
'deny_attribute'=>'on*',
'elements'=>'*-applet-iframe-script', // object, embed allowed
'schemes'=>'classid:clsid; href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https' // clsid allowed in classid
);That's my Script:
<object id="player" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" name="player" width="425" height="344">
<param name="movie" value="../FLASH/player.swf" />
<param name="allowfullscreen" value="true" />
<param name="allowscriptaccess" value="always" />
<param name="autostart" value="true" />
<param name="flashvars" value="file=../FLASH/Movie.flv&image=../FLASH/Pic.jpg" />
<embed
type="application/x-shockwave-flash"
id="player2"
name="player2"
src="../FLASH/player.swf"
width="425"
height="344"
allowscriptaccess="always"
allowfullscreen="true"
play="true"
autostart="true"
flashvars="file=../FLASH/Movie.flv&image=../FLASH/Pic.jpg"
/>
</object>And that's, how it looks after htmLawed:
<object id="player" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" name="player" width="425" height="344">
<param name="movie" value="../FLASH/player.swf" />
<param name="allowfullscreen" value="true" />
<param name="allowscriptaccess" value="always" />
<param name="autostart" value="true" />
<param name="flashvars" value="file=../FLASH/Movie.flv&image=../FLASH/Pic.jpg" />
<embed type="application/x-shockwave-flash" id="player2" name="player2" src="../FLASH/player.swf" width="425" height="344" />
</object>The embed part is cut of here...
Can you give me a hint for a better config ?
Also not changing anymore the &-sign ? (I commented the PHP for that)...
Thanks in Advance
Tom
htmLawed currently permits these attributes in the 'embed' element: align, bgcolor, class, flashvars, height, id, model, name, pluginspage, pluginurl, src, type, width, wmode. The other attributes get removed. Until recent versions, flashvars too was disallowed.
To allow attributes like 'allowfullscreen', you will have to modify htmLawed code. This post should be helpful and explanatory enough.
PS: There are too many attributes for 'embed' -- see this list (http://support.apple.com/kb/TA26486?viewlocale=en_US) -- for htmLawed to individually cover, considering 'embed' is not a standard HTML element, and so the somewhat incomplete support for 'embed'. In a future release of htmLawed, perhaps, I will change the code so anything within 'embed' is allowed.
PHP Labware forum → htmLawed → Flash in htmLawed / clsid in classid