Validating/Allowing YouTube Embed Code

Posted by mellowsoon on Stack Overflow See other posts from Stack Overflow or by mellowsoon
Published on 2010-12-21T10:46:42Z Indexed on 2010/12/21 10:54 UTC
Read the original article Hit count: 210

Filed under:

php

|

youtube

Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos.

So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about youtube

Mouse Over YouTube Previews YouTube Videos in Chrome

as seen on How to geek - Search for 'How to geek'
If you’re an avid YouTube video watcher, Mouse Over YouTube is a free Chrome extension that pops up a preview of any video you mouse over. Install the extension, put your mouse cursor over any YouTube video thumbnail, and a preview pops up in the upper right corner of your Chrome browser window… >>> More
How to play youtube videos which using Youtube.apk for android 2.1 platform

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a problem, I have a Youtube.apk that version is 1.5.20, so I would like to play Youtube videos in android 2.1 platform, but some problems: ======================================================================================= I/ActivityManager( 52): Starting activity: Intent { act=android… >>> More
YouTube API Office Hours May 23, 2012

as seen on Google Code - Search for 'Google Code'
YouTube API Office Hours May 23, 2012 This is a recording of the YouTube API Hangout on Air from Wednesday 5/23 at 10am PDT (UTC-7) Jeffrey Posnick spoke about the new CORS support in the YouTube API. JJ Shannon Behrens with Jarek Wilkiewicz covered YouTube sessions schedule at Google I/O (developers… >>> More
Get youtube video's title with jQuery using youtube api

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the easiest way to get the title from the youtybe video , for example this video title : http://www.youtube.com/watch?v=Wp7B81Kx66o Thanks ! >>> More
Uploading to Youtube via a proxy using the Java Youtube API

as seen on Stack Overflow - Search for 'Stack Overflow'
So I want to write a servlet which uploads a video to a youtube channel using the Java API, but I can't seem to find a way of specifying that I want to go through a proxy server. I've seen an example on this site where someone managed to do this using C#, but the Classes they used don't seem to exist… >>> More