Only Allow Video Embed Codes (Rails)

Published 2019-04-13 03:14

Question:

I was wondering if anyone knew of a way to only allow embed codes like ones from YouTube, Vimeo, blip.tv, etc. into a form field? I have a form on my site that allows users to embed a video, but I only want them to add the embed code HTML and nothing else dangerous like JS or additional HTML. Is there any tool out there that can do this, or can this be done with just a regular expression? Thank you.

Answer 1:

You can possibly try the sanitize helper at http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html with some tweaks.
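
One way to enforce "embed codes only" on the server, as an added example that is not part of the answer above: instead of filtering the submitted HTML, take only the iframe `src`, check it against an allowlist, and rebuild the tag from validated parts. The name `safe_video_embed`, the two hosts with their path patterns, and the fixed dimensions are assumptions for illustration; the code uses only Ruby's standard library, not the Rails sanitize helper.

```ruby
require "uri"

# Assumed allowlist: embed host => pattern the URL path must match exactly.
ALLOWED_EMBEDS = {
  "www.youtube.com"  => %r{\A/embed/[A-Za-z0-9_-]{1,20}\z},
  "player.vimeo.com" => %r{\A/video/\d{1,20}\z}
}.freeze

# Returns a freshly built <iframe> string, or nil when the input is rejected.
# Nothing the user typed is echoed back except the validated host and path.
def safe_video_embed(user_html)
  # Pull the src of the first <iframe>; all other markup is discarded.
  src = user_html.to_s[/<iframe\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']/i, 1]
  return nil unless src

  src = src.strip
  src = "https:#{src}" if src.start_with?("//") # protocol-relative embed codes

  uri = URI.parse(src)
  # Only https on the default port, with no user:password@ part in the URL.
  return nil unless uri.is_a?(URI::HTTPS)
  return nil if uri.userinfo || uri.port != 443

  host = uri.host.to_s.downcase
  pattern = ALLOWED_EMBEDS[host]
  return nil unless pattern && uri.path.match?(pattern)

  # Query string and fragment are dropped. Host comes from the allowlist and
  # the path matched a strict character class, so neither needs HTML escaping.
  clean_src = "https://#{host}#{uri.path}"
  %(<iframe src="#{clean_src}" width="560" height="315" frameborder="0" allowfullscreen></iframe>)
rescue URI::InvalidURIError
  nil # unparsable URLs fail closed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a valid embed with extra markup around it.
  sample = '<iframe width="640" src="https://www.youtube.com/embed/abc123XYZ_-?rel=0" ' \
           'onload="x()"></iframe><script>alert(1)</script>'
  puts safe_video_embed(sample).inspect
  puts safe_video_embed('<iframe src="https://www.youtube.com.evil.example/embed/abc"></iframe>').inspect
end
```

Store and render the returned string rather than the submitted text, and treat `nil` as a validation error on the form field.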