How to protect yourself from XSS when you allow people to post RAW embeded codes?

Posted by Axel on Stack Overflow See other posts from Stack Overflow or by Axel
Published on 2010-03-20T02:52:18Z Indexed on 2010/03/20 3:01 UTC
Read the original article Hit count: 420

Filed under:
|

Hi.

Tumblr and other blogging websites allows people to post embeded codes of videos from youtube and all video networks.

but how they filter only the flash object code and remove any other html or scripts? and even they have an automated code that informes you this is not a valid video code.

Is this done with REGEX expressions? And Is there a PHP code to do that?

Thanks

© Stack Overflow or respective owner

Related posts about php

Related posts about regex