Author |
Topic |
|
leatherlips
Senior Member
USA
1838 Posts |
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 21 June 2009 : 13:49:42
|
It's a nice idea, but you need to be very careful of cross-site scripting attacks...
I - personally - don't like to allow outside content unless I have strict control over it. |
|
|
Panhandler
Average Member
USA
783 Posts |
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 23 June 2009 : 10:21:31
|
Marcel's code is specific to videos - and thoroughly checks the input. Unless I mis-read, leatherlips is looking for something a little more generic that would let you embed a Google Map as easily as a YouTube video. |
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 23 June 2009 : 11:32:05
|
Leatherlips, if that is what you want (allow your users to embed everything they want to embed), the solution is simple: turn on HTML. Beware of the results, as this is a severe security risk, enabling cross-site scripting attacks but also embedding of dangerous JavaScript, messing up your forum severely as well as your forum visitors' security.
In other words: you really do not want to enable this... If you do, I'd say: you're on your own. |
Edited by - MarcelG on 23 June 2009 11:33:18 |
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
leatherlips
Senior Member
USA
1838 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 29 June 2009 : 17:18:36
|
If you were to open your posting up to allow HTML
You could probably achieve what you want by placing those members into a user group that allows HTML. Of course, you would have to do some direct retooling of the code to achieve that allowance.
After that you might consider setting all of those posts by that usergroup to be moderated only, and then alter your link(s) to each topic (while each is in a moderated status) to not show you the rendered post, but rather to show you the Edit form of the post. I say this because if you view the post, and it is malicious, then guess who gets the attack first? If you are viewing the post in Edit view, then you get a first chance to view the post as neutralized code and not view the post as rendered code. That's the theory anyway.
|
|
|
kyodai
New Member
Azerbaijan
74 Posts |
Posted - 30 June 2009 : 15:10:37
|
I am thinking about adding the YouTube embed on my forums - I will probably do it as I think YouTube is quite safe.
I have made a quite special embedding code for my site which is partially based on the video embedding sources posted here. The difference is just that I check for [wmv] tags and these don't hold the whole URL but just a filename like "myvideo.wmv". The wmv tag triggers an iframe that points to my video.asp which will embed a wmv video with my URL + the video name. That way only videos that were uploaded onto my backend site can be embedded and I also made the video.asp so it will only display the video if the user is logged in - that way visitors only see "Please register to be able to watch videos", saving my bandwidth and giving people another reason to join. |
|
|
|
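The filename-only allowlist described in the last post, sketched in Python as an added example; it is not code from this thread or from the forum software. The `[wmv]name[/wmv]` tag form, the `file` query parameter, the `/videos/` path and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import quote

# Assumed tag form: [wmv]myvideo.wmv[/wmv] (the post does not show its exact syntax).
WMV_TAG = re.compile(r"\[wmv\](.*?)\[/wmv\]", re.IGNORECASE | re.DOTALL)
# Allowlist: a bare file name only. No scheme, path separator, quote or query string.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.wmv")
# Hypothetical endpoint and parameter standing in for the poster's video.asp.
PLAYER_URL = "/video.asp?file="


def render_post(raw):
    """Escape the whole post first, then expand only [wmv] tags that pass the allowlist."""
    escaped = html.escape(raw, quote=True)

    def expand(match):
        name = match.group(1).strip()
        if not SAFE_NAME.fullmatch(name):
            return match.group(0)  # rejected tags stay as inert, escaped text
        src = PLAYER_URL + quote(name, safe="")
        return f'<iframe src="{html.escape(src)}" width="480" height="360"></iframe>'

    return WMV_TAG.sub(expand, escaped)


def player_response(name, logged_in, uploaded):
    """Stand-in for video.asp: re-validate, because the iframe URL can be requested directly."""
    if not logged_in:
        return "Please register to be able to watch videos"
    if not SAFE_NAME.fullmatch(name) or name not in uploaded:
        return "Video not found"
    # /videos/ is a hypothetical location for files uploaded to the backend.
    return f'<embed src="/videos/{name}" type="video/x-ms-wmv">'


if __name__ == "__main__":
    # Constructed sample posts.
    print(render_post("Watch this: [wmv]myvideo.wmv[/wmv]"))
    print(render_post("[wmv]http://other.example/x.wmv[/wmv] <script>alert(1)</script>"))
    print(player_response("myvideo.wmv", False, {"myvideo.wmv"}))
```

Because user input never supplies more than a validated file name, the embed host and markup stay under the forum owner's control, which is the "strict control" concern raised earlier in the thread.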