php - HTMLPurifier iframe Vimeo and Youtube video

Question

How can I use HTMLPurifier to filter xss but also to allow iframe Vimeo and Youtube video?

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);

$config->set('Filter.YouTube', true);
$config->set('HTML.DefinitionID', '1');
$config->set('HTML.SafeObject', 'true');
$config->set('Output.FlashCompat', 'true');

$config->set('HTML.FlashAllowFullScreen', 'true');

$purifier = new HTMLPurifier($config);
$temp = $purifier->purify($temp);

Answer 1

HTMLPurifier version 4.4.0 has new configuration directives to allow YouTube and Vimeo iframes:

//allow iframes from trusted sources
$cfg->set('HTML.SafeIframe', true);
$cfg->set('URI.SafeIframeRegexp', '%^(https?:)?//(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%'); //allow YouTube and Vimeo

• http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe
• http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp