How to protect yourself from XSS when you allow people to post RAW embed codes?
Posted
by Axel
on Stack Overflow
See other posts from Stack Overflow
or by Axel
Published on 2010-03-20T02:52:18Z
Indexed on
2010/03/27
23:03 UTC
Read the original article
Hit count: 248
Hi.
Tumblr and other blogging websites allows people to post embeded codes of videos from youtube and all video networks.
but how they filter only the flash object code and remove any other html or scripts? and even they have an automated code that informes you this is not a valid video code.
Is this done using REGEX expressions? And Is there a PHP class to do that?
Thanks
© Stack Overflow or respective owner