Hi, I am working on a social networking site and I would like to allow users post html embed codes of videos (youtube) or audios (soundcloud) to the site.
I only want to allow codes from these 2 sites (youtube and soundcloud). How do I check and restrict users to this without falling victim of xss or other security threats?
akanetsamson
Member
119 Points
136 Posts
Allowing users to post youtube and soundcloud embed codes
Jan 19, 2012 12:01 AM|LINK
Hi, I am working on a social networking site and I would like to allow users post html embed codes of videos (youtube) or audios (soundcloud) to the site.
I only want to allow codes from these 2 sites (youtube and soundcloud). How do I check and restrict users to this without falling victim of xss or other security threats?
typical youtube video embed code is:
<iframe width="560" height="315" src="http://www.youtube.com/embed/a-5IkDogt_o?rel=0" frameborder="0" allowfullscreen></iframe>
OR
<object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/a-5IkDogt_o?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/a-5IkDogt_o?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
soundcloud embed code is:
<object height="81" width="100%"> <param name="movie" value="https://player.soundcloud.com/player.swf?url=http%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F30597948"></param> <param name="allowscriptaccess" value="always"></param> <embed allowscriptaccess="always" height="81" src="https://player.soundcloud.com/player.swf?url=http%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F30597948" type="application/x-shockwave-flash" width="100%"></embed> </object> <span><a href="http://soundcloud.com/stoneybaze/roxie-webster-let-it-go">Roxie Webster - Let It Go</a> by <a href="http://soundcloud.com/stoneybaze">stoneybaze</a></span>
Please explanation with codes would be helpful, thanks.
akanetsamson
Member
119 Points
136 Posts
Re: Allowing users to post youtube and soundcloud embed codes
Feb 04, 2012 12:29 PM|LINK
some one solved this but its in php :(
http://stackoverflow.com/questions/6432468/extract-specific-piece-of-url-encoded-querystring-in-an-object-embed-tag
can some1 help me convert it to c# please