Blog

Posted by david on 10 January 2016 at 11:20 am
While working on the Summernote app for Clay, I noticed attached videos (from YouTube, vimeo, etc) were put in iframes. Unfortunately my HTML filter forbids iframes and for good reason. So, I made something new instead. I've made a way to embed videos, images, tweets, Github's, etc, without compromising to XSS attackers. It uses a server side response to validate a request and then attaches the relevant tags to display the type of content. I actually borrowed part of the idea, but haven't seen an implementation quite like mine. It uses ajax of course, so each item loads independently and uses a standard starter tag to launch it, regardless of content type. I built the JavaScript side into the main JS file for Clay, so it will work anywhere on the page. I still have to do the button actions in Summernote, but that looks fairly easy.

Comments

Log in to comment

No comments yet!