Fix embedding flash on non-IE browsers and allow more wmode.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2024-09-16 17:35:19 +00:00 · 2010-05-21 12:56:37 -04:00 · 2010-05-21 12:56:37 -04:00 · a32d5b52e1
commit a32d5b52e1
parent a3d71fe606
8 changed files with 25 additions and 18 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
  when %CSS.Trusted is on.
 ! Add %Cache.SerializerPermissions option for custom serializer
  directory/file permissions
+! Fix longstanding bug in Flash support for non-IE browsers, and
+  allow more wmode attributes.
 - Switch to an iterative traversal of the DOM, which prevents us
  from running out of stack space for deeply nested documents.
  Thanks Maxim Krizhanovsky for contributing a patch.
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@ -367,7 +367,7 @@
 </directive>
 <directive id="HTML.FlashAllowFullScreen">
  <file name="HTMLPurifier/AttrTransform/SafeParam.php">
-   <line>37</line>
+   <line>38</line>
  </file>
 </directive>
 <directive id="Core.EscapeInvalidChildren">
--- a/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/library/HTMLPurifier/AttrTransform/SafeParam.php
@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform

    public function __construct() {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

    public function transform($attr, $config, $context) {
@ -41,7 +42,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
                }
                break;
            case 'wmode':
-                $attr['value'] = 'window';
+                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                break;
            case 'movie':
            case 'src':
--- a/library/HTMLPurifier/Generator.php
+++ b/library/HTMLPurifier/Generator.php
@ -132,19 +132,7 @@ class HTMLPurifier_Generator
            $_extra = '';
            if ($this->_flashCompat) {
                if ($token->name == "object" && !empty($this->_flashStack)) {
-                    $flash = array_pop($this->_flashStack);
-                    $compat_token = new HTMLPurifier_Token_Empty("embed");
-                    foreach ($flash->attr as $name => $val) {
-                        if ($name == "classid") continue;
-                        if ($name == "type") continue;
-                        if ($name == "data") $name = "src";
-                        $compat_token->attr[$name] = $val;
-                    }
-                    foreach ($flash->param as $name => $val) {
-                        if ($name == "movie") $name = "src";
-                        $compat_token->attr[$name] = $val;
-                    }
-                    $_extra = "<!--[if IE]>".$this->generateFromToken($compat_token)."<![endif]-->";
+                    // doesn't do anything for now
                }
            }
            return $_extra . '</' . $token->name . '>';
--- a/library/HTMLPurifier/HTMLModule/SafeEmbed.php
+++ b/library/HTMLPurifier/HTMLModule/SafeEmbed.php
@ -21,7 +21,7 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
                'allowscriptaccess' => 'Enum#never',
                'allownetworking' => 'Enum#internal',
                'flashvars' => 'Text',
-                'wmode' => 'Enum#window',
+                'wmode' => 'Enum#window,transparent,opaque',
                'name' => 'ID',
            )
        );
--- a/library/HTMLPurifier/HTMLModule/SafeObject.php
+++ b/library/HTMLPurifier/HTMLModule/SafeObject.php
@ -29,7 +29,6 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
                'width'  => 'Pixels#' . $max,
                'height' => 'Pixels#' . $max,
                'data'   => 'URI#embedded',
-                'classid' => 'Enum#clsid:d27cdb6e-ae6d-11cf-96b8-444553540000',
                'codebase' => new HTMLPurifier_AttrDef_Enum(array(
                    'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
            )
--- a/smoketests/preserveYouTube.php
+++ b/smoketests/preserveYouTube.php
@ -22,6 +22,23 @@ $string = '<object width="425" height="350"><param name="movie" value="http://ww
 <object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>

 <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="385" width="480"><param name="width" value="480" /><param name="height" value="385" /><param name="src" value="http://www.youtube.com/p/E37ADDDFCA0FD050&amp;hl=en" /><embed height="385" src="http://www.youtube.com/p/E37ADDDFCA0FD050&amp;hl=en" type="application/x-shockwave-flash" width="480"></embed></object>
+
+<object
+    classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
+    id="ooyalaPlayer_229z0_gbps1mrs" width="630" height="354"
+    codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param
+    name="movie" value="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
+    /><param name="bgcolor" value="#000000" /><param
+    name="allowScriptAccess" value="always" /><param
+    name="allowFullScreen" value="true" /><param name="flashvars"
+    value="embedType=noscriptObjectTag&embedCode=pteGRrMTpcKMyQ052c8NwYZ5M5FdSV3j"
+    /><embed src="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
+    bgcolor="#000000" width="630" height="354"
+    name="ooyalaPlayer_229z0_gbps1mrs" align="middle" play="true"
+    loop="false" allowscriptaccess="always" allowfullscreen="true"
+    type="application/x-shockwave-flash"
+    flashvars="&embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za"
+    pluginspage="http://www.adobe.com/go/getflashplayer"></embed></object>
 ';

 $regular_purifier = new HTMLPurifier();
--- a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
+++ b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
@ -2,5 +2,5 @@
 HTML.SafeObject = true
 Output.FlashCompat = true
 --HTML--
-<object width="425" height="350" data="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns" /><param name="wmode" value="window" /><!--[if IE]><embed width="425" height="350" src="http://www.youtube.com/v/BdU--T8rLns" allowScriptAccess="never" allowNetworking="internal" wmode="window" /><![endif]--></object>
+<object width="425" height="350" data="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns" /><param name="wmode" value="window" /></object>
 --# vim: et sw=4 sts=4