Wysiwyg and embeded videos - is there PHP filtering class

Question

I want to let my 'untrusted' users to use wysiwyg plus to embed videos (at least from YouTube) in their posts. Is there a universal PHP class to filter outputs to protect from xss?

Related http://stackoverflow.com/questions/2319956/are-there-any-good-php-based-html-filters-available/2319996#2319996, http://stackoverflow.com/questions/1210042/html-purifier-what-to-purify, http://stackoverflow.com/questions/2774074/best-practice-user-generated-html-cleaning, http://stackoverflow.com/questions/3048982/tinymce-security-question-how-do-you-prevent-malicious-input — Mike B, Nov 29 '10 at 16:34

score 0 · Answer 1 · answered Nov 29 '10 at 16:34

0

Nope. Your best bet is to create a new button for embedding the video. And ditching wysiwyg plus if it doesn't use some kind of bb code. Or accept the possibility of XSS.

answered Nov 29 '10 at 16:34

DampeS8N

3,621
17
20

score 0 · Accepted Answer · answered Nov 29 '10 at 16:36

0

The issue should not only be limited to preventing XSS when adding a YouTube link, what about the rest of the content? There are a couple of options for handling the output of what users may enter, see:

Sanitize

and

AntiSamy

answered Nov 29 '10 at 16:36

SW4

69,876
20
132
137

Wysiwyg and embeded videos - is there PHP filtering class

2 Answers2