How to block iframes in input

2

Hello, I have a website with a post system and the problem is this: the user can put a YouTube iframe for example in any resolution:

<iframe width="560" height="315" src="https://www.youtube.com/embed/CKjPutIlBCA"frameborder="0" allowfullscreen=""></iframe>

I want to put a width and height limit, the problem is that the user sends the code and the system interprets the way he writes, he wanted the system to detect the iframe and do not let the user post, or otherwise release the iframe and resize automatically, help me I do not know how I do it.

    
asked by anonymous 30.11.2015 / 02:03

1 answer

1

When you receive the value of the input entered by the user, just sanitize the value.

Example:

$str = '<iframe width="560" height="315" src="https://www.youtube.com/"frameborder="0" allowfullscreen=""></iframe>';
preg_match_all('#\bhttps?://[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|/))#', $str, $match);
print_r($match);

This routine extracts only the URL format.

So you do not have to worry if the user entered with iframe , frame , a href or something else.

If the result preg_match_all() does not return anything in the $match variable, the user may not have entered any valid URLs within the regular expression rule applied in this routine. For this case, of course, return an error message to the user.

There are other ways to extract the URL using other functions and techniques. Apply what's convenient for you.

    
30.11.2015 / 08:04