Im working on a new project and i want certain users to be able to post embedded videos. Af far as i know this is quite risky in terms of security. Is there any way i can make sure that only embedded code from certain trusted sites (eg Google videos, yahoo videos, youtube etc) gets interpreted? I have a config file that i can edit to allow certain html tags. Can this be done by editing that file? Thanks a lot guys!
You can parse the code for certain keyphrases. e.g. preg_match('/src=http:\/\/.*video\.google\.com/', $embedded_code) EDIT: it may be easier/faster to use stristr()