What's your preferred method of sanitizing embed code entered in a form? In other words, is there an easy way of ONLY allowing users to embed video from YouTube and Vimeo for example? Do you use the Sanitize helper? If there is a proven solution to this I'd prefer to use it rather than reinventing the wheel. Thank you for reading my question.
A:
I would give the users custom tags for this, rather than trying to jump through the hoops required to verify embed tags.
For example:
[youtube id=kG16SqUl3bE]
Parse out the ID and generate the embed tag yourself in the view. Safe and easy, and you don't have to allow your users to enter HTML.
jdl
2010-07-10 02:41:19
Is there a solid code example of this somewhere? I don't even know where to start.
2010-07-29 23:11:40
http://stackoverflow.com/questions/2189497/help-me-with-this-sanitize-vimeo-embed-code/2191246#2191246 this did it for me.
2010-07-29 23:40:13