Welcome to WebmasterWorld Guest from

Forum Moderators: rogerd

Message Too Old, No Replies

How do you allow videos in forum posts

when attempting to sanitize user-submitted content

10:13 pm on Sep 30, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2003
votes: 0

Assuming you filter user-submitted content (to prevent scripting attacks and whatnot), how do you then allow your users to post videos from sites like Youtube, Vimeo, etc. in which the "copy and paste" code explicitly contains scripting?
3:30 pm on Oct 3, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 4, 2004
votes: 0

You'd have to validate and the what/how depends on the forum software. With phpBB you can create custom BBcodes but you need to be careful you limit it. For example the base URL for a youtube video is:


The BBcode setup in the control panel would look something like this:


The URL when posted would first have to start with:


{SIMPLETEXT} only allows for "Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore".

If the posted URL doesn't meet that criteria its rejected and parsed as plain text. If it does meet that criteria the second panel allows for replacement which in this case would be the HTML provided by youtube (note I shortened it to keep it simple):

<object width="300" height="200"><param name="movie" value="http://www.youtube.com/v/{SIMPLETEXT}"></object>

The only input you're using from the user is the {SIMPLETEXT} which can only contain the values I listed above. How other forums handle it I don't know and they may require modification.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members