Hi - Anyone have any experience with safely allowing users to enter a YouTube or other such embed link safely into a form for later display? Is there a simple way to selectively sanitize/escape and only allow embedded flash vids?

Thanks,
Dino

What about just allowing them to submit the URL - then you do the embedding by grepping out the video ID.

dino d. wrote:
> Hi - Anyone have any experience with safely allowing users to enter a
> YouTube or other such embed link safely into a form for later
> display? Is there a simple way to selectively sanitize/escape and only
> allow embedded flash vids?
>
> Thanks,
> Dino

Hi,

I am actually supporting that on my site (not public yet). Users can enter the URL and a description. Before displaying it I make sure the link points to YouTube and that it is actually working. If so I allow it into the DB. I plan to add "report abuse" or something like that so others can comment if it is not appropriate.

I'm interested to know how others do it or would do it...

Cheers.

--
Posted via http://www.ruby-forum.com/.
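
The approach suggested in the two replies above (accept only a URL, check that it points to YouTube, pull out the video ID and build the embed markup yourself), as an added example that is not code from any poster in this thread. It assumes 11-character video IDs, the host list shown, and the iframe embed URL rather than a Flash embed; the method names are hypothetical, and the "is it actually working" check is left out so the code runs offline.

```ruby
require "uri"
require "cgi"

# Hosts accepted as "YouTube" (assumption: adjust the list to your needs).
YOUTUBE_HOSTS = %w[youtube.com www.youtube.com m.youtube.com youtu.be].freeze
# Assumption: video IDs are 11 characters from the URL-safe base64 alphabet.
VIDEO_ID = /\A[A-Za-z0-9_-]{11}\z/

# Returns the video ID for an allowlisted YouTube URL, or nil for anything else.
# Pasted embed markup, other schemes and look-alike hosts all end up as nil.
def youtube_video_id(input)
  uri = URI.parse(input.to_s.strip)
  return nil unless uri.is_a?(URI::HTTP)          # http/https only (URI::HTTPS < URI::HTTP)
  return nil if uri.userinfo                      # no user@host forms
  host = uri.host.to_s.downcase
  return nil unless YOUTUBE_HOSTS.include?(host)  # exact match, not a substring test

  id = if host == "youtu.be"
         uri.path.delete_prefix("/")
       elsif uri.path == "/watch"
         URI.decode_www_form(uri.query.to_s).to_h["v"]
       elsif (m = uri.path.match(%r{\A/(?:embed|v)/([^/]+)\z}))
         m[1]
       end
  id if id.to_s.match?(VIDEO_ID)
rescue URI::InvalidURIError, ArgumentError
  nil
end

# Builds the embed markup server-side. Only the validated ID is interpolated,
# so nothing the user typed reaches the page as HTML.
def youtube_embed_html(input)
  id = youtube_video_id(input)
  return nil unless id
  src = "https://www.youtube.com/embed/#{id}"
  %(<iframe width="560" height="315" src="#{CGI.escapeHTML(src)}" allowfullscreen></iframe>)
end
```

Store only the extracted ID (or the original URL) in the database and call `youtube_embed_html` at render time, so the markup is never user-supplied.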

Good suggestions. The problem is, video web mostly have "embed" links, so I'd like to just go with the flow and allow embeds. But they strike me as super dangerous. But I guess this isn't a Rails problem, everyone has to deal with dangerous embeds. I'll post if I come up with a solution.

Thanks again,
Dino

On Jul 14, 10:59 am, comopasta Gr <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hi,
>
> I am actually supporting that on my site (not public yet).
> Users can enter the URL and a description. Before displaying it I make
> sure the link points to YouTube and that it is actually working. If so I
> allow it into the DB. I plan to add "report abuse" or something like
> that so others can comment if it is not appropriate.
>
> I'm interested to know how others do it or would do it...
>
> Cheers.
>
> --
> Posted via http://www.ruby-forum.com/.