YouTube in an iframe without hardcoding - security risk?

Post by bdurfee » 2013-03-09 16:50

If you are just using your AG code for managing database content, but actually displaying the database content on your web site (in other words, AG is not your whole web site), there may be a way to enter YouTube without having to hardcode it.

Add the YouTube code as normal in the AG form. It will convert certain characters into codes. In the output on your web page, convert the codes back into characters.

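    // Entities that the AG form stored in place of the angle brackets
    $pattern = array();
    $pattern[0] = '/&lt;/';
    $pattern[1] = '/&gt;/';

    // Characters to put back in the page output
    $replacement = array();
    $replacement[0] = '<';
    $replacement[1] = '>';

    // $youtube_fieldcontents holds the field value read from the database
    $video = preg_replace($pattern, $replacement, $youtube_fieldcontents);

My concerns are: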

1. What kind of security issues could this cause?
2. Are there ways to address those security issues?
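
On the two questions above, as an added example that is not part of the original post: turning `&lt;` and `&gt;` back into angle brackets emits whatever markup the field holds, so anyone who can write to that field can put script on the public page (stored XSS). One way to address it is to take only a validated video ID from the field and rebuild the iframe from a fixed template; the function name and the sample field values below are hypothetical, and the field is assumed to hold the entity-encoded embed code.

```php
<?php
// Added example, not the poster's code. render_youtube_embed() and the sample
// values are hypothetical; the field is assumed to hold entity-encoded embed code.

/**
 * Extract an 11-character YouTube video ID from the stored field and rebuild
 * the iframe from a fixed template. Returns null when no valid ID is found.
 */
function render_youtube_embed(string $fieldContents): ?string
{
    // Decode entities only to inspect the text; the decoded text is never echoed.
    $decoded = html_entity_decode($fieldContents, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Accept only embed, watch and short-link URLs on YouTube hosts.
    $re = '~(?:https?:)?//(?:www\.)?(?:youtube(?:-nocookie)?\.com/(?:embed/|watch\?v=)|youtu\.be/)'
        . '([A-Za-z0-9_-]{11})(?![A-Za-z0-9_-])~';
    if (!preg_match($re, $decoded, $m)) {
        return null;
    }

    // Only the validated ID reaches the output, and it is still escaped.
    $id = htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
    return '<iframe width="560" height="315" '
         . 'src="https://www.youtube.com/embed/' . $id . '" '
         . 'frameborder="0" allowfullscreen></iframe>';
}

// Constructed sample field values, as the form would store them.
$samples = [
    'embed code' => '&lt;iframe src="http://www.youtube.com/embed/XXXXXXXXXXX"&gt;&lt;/iframe&gt;',
    'script tag' => '&lt;script&gt;/* constructed */&lt;/script&gt;',
    'other host' => '&lt;iframe src="https://example.test/embed/XXXXXXXXXXX"&gt;&lt;/iframe&gt;',
];

foreach ($samples as $label => $stored) {
    $html = render_youtube_embed($stored);
    echo $label, ': ', $html === null ? '[rejected]' : $html, PHP_EOL;
}
```

A field that mixes a valid YouTube URL with other markup still yields only the template iframe, because nothing from the field except the matched ID is written to the page.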
