Add safe_html() for XSS-safe WYSIWYG HTML sanitization

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeEmbed.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * A "safe" embed module. See SafeObject. This is a proprietary element.
+ */
+class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
+{
+    /**
+     * @type string
+     */
+    public $name = 'SafeEmbed';
+
+    /**
+     * @param HTMLPurifier_Config $config
+     */
+    public function setup($config)
+    {
+        $max = $config->get('HTML.MaxImgLength');
+        $embed = $this->addElement(
+            'embed',
+            'Inline',
+            'Empty',
+            'Common',
+            array(
+                'src*' => 'URI#embedded',
+                'type' => 'Enum#application/x-shockwave-flash',
+                'width' => 'Pixels#' . $max,
+                'height' => 'Pixels#' . $max,
+                'allowscriptaccess' => 'Enum#never',
+                'allownetworking' => 'Enum#internal',
+                'flashvars' => 'Text',
+                'wmode' => 'Enum#window,transparent,opaque',
+                'name' => 'ID',
+            )
+        );
+        $embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeEmbed();
+    }
+}
+
+// vim: et sw=4 sts=4