Hi - Anyone have any experience with safely allowing users to enter a
YouTube or other such embed link safely into a form for later
display? Is there a simple way to selective sanitize/escape and only
allow embedded flash vids?
Thanks,
Dino
What about just allowing them to submit the URL - then you do the
embedding by grepping out the video ID.
Hi,
I actually supporting that on my site (not public yet).
Users can enter the url and a description. Before displaying it I make
sure the link points to youtube and that it is actually working. If so I
allow it into the DB. I plan to add “report abuse” or something like
that so others can comment if it is not appropriate.
I’m interested to know how others do it or would do it…
Cheers.
Good suggestions. The problem is, video web mostly have “embed” links,
so I’d like to just go with the flow and allow embeds. But they
strike me as super dangerous. But I guess this isn’t a Rails problem,
everyone has to deal with dangerous embeds. I’ll post if I come up
with a solution.
Thanks again,
Dino
On Jul 14, 10:59 am, comopasta Gr [email protected]