I want to enable users to submit video links in a post/comment and render it as embedded videos.
For example, YouTube supplies code for embedding videos, something like:
<iframe width="420" height="345" src="http://www.youtube.com/embed/Rr6PWlOgPrs" frameborder="0" allowfullscreen></iframe>
If a user puts the above code fragment in a comment, how do I render it correctly?
Django auto-escapes all HTML tags, so by default the above code wouldn't work. But if I disable auto-escaping then I'd open a ton of security risks.
What's the best way of handling this?
The user should never be able to insert HTML directly. Look into django-oembed. This way the user will only have to paste in the URL and oembed will match it and switch the matched URLs automatically with object embed code.
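The URL-matching approach this answer describes, as an added sketch that is not part of the original answer and is not django-oembed's own code: all user text stays escaped, and only URLs matching a fixed YouTube pattern are swapped for embed markup the server builds itself. The regex, the template and the `render_comment` name are assumptions made for illustration.

```python
import html
import re

# Allowlist (assumed pattern): YouTube watch/embed/short links with an
# 11-character video id. Nothing else is ever turned into markup.
YOUTUBE_URL = re.compile(
    r"https?://(?:www\.)?(?:youtube\.com/(?:watch\?v=|embed/)|youtu\.be/)"
    r"([A-Za-z0-9_-]{11})(?![A-Za-z0-9_-])"
)

# The only HTML that reaches the page unescaped. The video id is the sole
# user-derived value and is restricted to [A-Za-z0-9_-] by the regex above.
EMBED_TEMPLATE = (
    '<iframe width="420" height="345" '
    'src="https://www.youtube.com/embed/{video_id}" '
    'frameborder="0" allowfullscreen></iframe>'
)


def render_comment(raw: str) -> str:
    """Escape user text; replace allowlisted video URLs with server-built embeds."""
    out = []
    pos = 0
    for match in YOUTUBE_URL.finditer(raw):
        # Everything between matches is user text and is always escaped.
        out.append(html.escape(raw[pos:match.start()]))
        out.append(EMBED_TEMPLATE.format(video_id=match.group(1)))
        pos = match.end()
    out.append(html.escape(raw[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample comments, not taken from a real site.
    samples = [
        "Watch this: http://www.youtube.com/embed/Rr6PWlOgPrs",
        '<iframe src="http://evil.example/x"></iframe><script>alert(1)</script>',
    ]
    for comment in samples:
        print(render_comment(comment))
```

In a Django template the returned string would be wrapped in `mark_safe` (or rendered with the `safe` filter), which is acceptable here only because the function has already escaped every character it did not generate itself.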