Maybe instead of allowing people to post HTML, you could search the input for things that might be links to YouTube videos, and then splice in the code yourself.

I found this code on StackOverflow earlier today: [How do I find all YouTube video ids in a string using a regex?](https://stackoverflow.com/questions/5830387/php-regex-find-all-youtube-video-ids-in-string)

It searches a string for YouTube URLs and replaces them with links. Below is a modified version of the code that replaces the URLs with `<iframe>`s:

```php
// Linkify youtube URLs which are not already links.
// From https://stackoverflow.com/questions/5830387/php-regex-find-all-youtube-video-ids-in-string
// Only $1 (the 11-character video ID) is ever written into the markup, which is
// what keeps the iframe safe even though the input is user-controlled.
function linkifyYouTubeURLs($text) {
    $text = preg_replace('~
        # Match non-linked youtube URL in the wild. (Rev:20111012)
        https?://          # Required scheme. Either http or https.
        (?:[0-9A-Z-]+\.)?  # Optional subdomain.
        (?:                # Group host alternatives.
          youtu\.be/       # Either youtu.be,
        | youtube\.com     # or youtube.com followed by
          \S*              # Allow anything up to VIDEO_ID,
          [^\w\-\s]        # but char before ID is non-ID char.
        )                  # End host alternatives.
        ([\w\-]{11})       # $1: VIDEO_ID is exactly 11 chars.
        (?=[^\w\-]|$)      # Assert next char is non-ID or EOS.
        [?=&+%\w-]*        # Consume any URL (query) remainder.
        ~ix',
        // https rather than http: an http iframe is blocked as mixed content on an https page.
        '<iframe width="560" height="315" src="https://www.youtube.com/embed/$1"></iframe>',
        $text);
    return $text;
}
```

You could implement it like this:

```php
<?php
// linkifyYouTubeURLs() is the function defined above.
$text = 'This is my comment.
It contains an XSS attack!: <script type="text/javascript"> alert(\'bam\'); </script>
I learned about XSS on YouTube: http://www.youtube.com/watch?v=i38LMZyKIqI ';

// Sanitize XSS (e.g.: convert '<' to '&lt;') BEFORE splicing in the iframes,
// so the only unescaped markup in the output is the iframe we build ourselves.
$output = htmlspecialchars($text);
$output = linkifyYouTubeURLs($output);
// Add natural line breaks
$output = nl2br($output);
echo $output;
?>
```

XSS attacks are stopped, but the YouTube links get converted into videos. You could probably modify it further to work with Vimeo and the other major video providers.

Here is the code in action:

http://codepad.viper-7.com/8w0h1F
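The same escape-then-splice pipeline ported to Python, as an added example that is not part of the answer above or of the linked StackOverflow code. The regex is the answer's; the `https` embed URL, the `sandbox` attribute, the `;` added to the query-remainder class (because `&` has already become `&amp;` when the regex runs) and the two sample comments are my additions, and the `render_wrong_order` function exists only to show what happens when the two steps are swapped.

```python
import html
import re

# Port of the answer's PHP regex. Only group 1 (the 11-character video ID)
# is ever copied into the generated markup, so nothing else from the
# attacker-controlled comment can reach the iframe.
YOUTUBE_RE = re.compile(r"""
    https?://                # Required scheme.
    (?:[0-9A-Z-]+\.)?        # Optional subdomain.
    (?:                      # Group host alternatives.
        youtu\.be/           #   Either youtu.be,
      | youtube\.com         #   or youtube.com followed by
        \S*                  #   anything up to VIDEO_ID,
        [^\w\-\s]            #   but the char before the ID is a non-ID char.
    )
    ([\w\-]{11})             # Group 1: VIDEO_ID is exactly 11 chars.
    (?=[^\w\-]|$)            # Next char is a non-ID char or end of string.
    [?=&+%;\w-]*             # Consume the query remainder. ';' is added here
                             # (assumption) because '&' is already '&amp;'.
""", re.IGNORECASE | re.VERBOSE)

# Added hardening (not in the answer): https avoids mixed content, sandbox
# limits what the embedded document may do (YouTube needs scripts, its own
# origin and popups for its own links).
EMBED = ('<iframe width="560" height="315" '
         'src="https://www.youtube.com/embed/{}" '
         'sandbox="allow-scripts allow-same-origin allow-popups" '
         'allowfullscreen></iframe>')


def linkify_youtube(text):
    """Replace every YouTube URL in already-escaped text with an embed."""
    return YOUTUBE_RE.sub(lambda m: EMBED.format(m.group(1)), text)


def render_comment(raw):
    """Escape first, then splice in embeds, then nl2br: the PHP answer's order."""
    escaped = html.escape(raw, quote=True)   # '<' -> '&lt;', '"' -> '&quot;'
    return linkify_youtube(escaped).replace("\n", "<br />\n")


def render_wrong_order(raw):
    """Splice first, then escape: the iframe itself gets escaped, so no video
    is embedded. Kept only to show why the order in render_comment matters."""
    return html.escape(linkify_youtube(raw), quote=True)


# Constructed sample inputs (not from the original page).
SAMPLE_COMMENT = (
    "This is my comment.\n"
    "It contains an XSS attack!: <script type=\"text/javascript\"> alert('bam'); </script>\n"
    "I learned about XSS on YouTube: http://www.youtube.com/watch?v=i38LMZyKIqI "
)

# Tries to break out of the src attribute. After escaping, the quote is
# '&quot;', and the regex hands only the 11-char ID to the template anyway,
# so 'onload' never reaches the iframe tag.
ATTACK_COMMENT = 'Watch http://youtube.com/watch?v=AAAAAAAAAAA"onload="alert(1)'


if __name__ == "__main__":
    print(render_comment(SAMPLE_COMMENT))
    print(render_comment(ATTACK_COMMENT))
```

The security argument is the same as in the PHP version: because `htmlspecialchars`/`html.escape` runs first, every `<`, `>`, `"` and `'` from the user is already inert when the regex runs, and the replacement template is a fixed string into which only `[\w-]{11}` is interpolated. Note that the regex will also turn any 11-character token after `youtube.com/` into an embed (a false positive, not an injection), so you may want to restrict the host patterns further.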