Safely Allow Embedded Media on User Pages

Hi,

I’m working on allowing users of my website to embed media from places
like YouTube, Flickr, Google Video, Slide.com, etc. into their home
pages, but I wanted to know if anyone had suggestions or links to good
articles about how to make sure the embedded content is cleaned / safe.

One thing that came to mind was to regular expression check against each
type of embedded media. Seems like this would probably be the safest
route, but that would be quite tedious to do for every possible source.

Please let me know if you have any ideas, snippets, suggestions, or
links. Thanks.

–kortina

Hi Kortina (or anyone else)

I am looking to do the same thing. Have you found a good solution for
this?

Thanks!

Andrew K. wrote:

Hi,

I’m working on allowing users of my website to embed media from places
like YouTube, Flickr, Google Video, Slide.com, etc. into their home
pages, but I wanted to know if anyone had suggestions or links to good
articles about how to make sure the embedded content is cleaned / safe.

One thing that came to mind was to regular expression check against each
type of embedded media. Seems like this would probably be the safest
route, but that would be quite tedious to do for every possible source.

Please let me know if you have any ideas, snippets, suggestions, or
links. Thanks.

–kortina

simply get the video ID, and then construct the html yourself. You can
probably use a regex to extract the ID from the embed code, and then
reconstruct the safe HTML without a problem.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs