How to block iframes in input

Asked

Viewed 490 times

2

Hello, I have a website with posting system and the problem is this: the user can put a youtube iframe for example in any resolution :

<iframe width="560" height="315" src="https://www.youtube.com/embed/CKjPutIlBCA" frameborder="0" allowfullscreen=""></iframe>

I want to put a width and height limit, the problem is that the user sends the code and the system interprets the way he writes, wanted the system to detect the iframe and not let the user post, or else release the iframe and resize automatically, help me I don’t know how I do it.

1 answer

1


The moment you receive the input value entered by the user, just select the value.

Example:

$str = '<iframe width="560" height="315" src="https://www.youtube.com/" frameborder="0" allowfullscreen=""></iframe>';
preg_match_all('#\bhttps?://[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|/))#', $str, $match);
print_r($match);

This routine extracts only what has URL format.

With this, no need to worry if user entered iframe, frame, a href or anything else.

If the result preg_match_all() do not return anything in the variable $match, possibly the user has not entered any valid URL within the regular expression rule applied to that routine. For this case, obviously return an error message to the user.

There are other different ways to extract the URL using other functions and techniques. Apply what is convenient for your case.

  • Thanks, also managed to settle with FILTER_SANITIZE_FULL_SPECIAL_CHARS

  • But FILTER_SANITIZE_FULL_SPECIAL_CHARS only converts html codes into htmlentities. This is totally different from extracting the URL.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.