smartin1017 Posted January 18, 2009 Share Posted January 18, 2009 Hey guys, I waswondering, I am finishing up a membership site in which i would like to give people the opportunity to put youtube videos and other embed coded things on a wall on their profiles. Am I leaving myself open to anything malicious. I see it all over the place and most of these social networks have this feature but i wanted to get some info on it. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/141297-what-are-the-security-risks-of-letting-people-embed-on-your-site/ Share on other sites More sharing options...
DarkSuperHero Posted January 18, 2009 Share Posted January 18, 2009 you would probably need to have a list of approved tags, and approved attributes so there would be no javascript executing on your pages, or anything malicious....you would need to filter through what their trying to embed....just my thoughts....:-P i might be wrong hahahah Quote Link to comment https://forums.phpfreaks.com/topic/141297-what-are-the-security-risks-of-letting-people-embed-on-your-site/#findComment-739551 Share on other sites More sharing options...
dropfaith Posted January 18, 2009 Share Posted January 18, 2009 yea anytime you allow users to do things on a site your opening the door you need to filter what you allow for example allowing youtube videos fine in most cases but not filtering the embed tag i can create some pretty horrible flash that pulls php javascript and all kinds of other things into the picture Quote Link to comment https://forums.phpfreaks.com/topic/141297-what-are-the-security-risks-of-letting-people-embed-on-your-site/#findComment-739558 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.