Wash <iframe> for embedding YouTube etc.
Last updated: Thursday 17 November 2011 21:49
| UNIX name |
Owner |
Status |
Version |
Compatible with |
| iframewash |
Leif Arne Storset |
beta
|
0.1
|
4.5
|
Allowing your users to enter arbitrary HTML code for embedding YouTube is very dangerous, but with proper washing it's ok. This template operator will check that the iframe refers to an approved domain (see .ini files) and doesn't include CSS or JavaScript.
Known issues:
- I haven't researched iframe security in depth, so contributions are welcome.
- This should probably be a datatype, to enable immediate feedback when editors enter a blocked iframe.