I have a website where a user can among other objects like text and images also insert a YouTube video into CKEditor type textarea form.
YouTube video is embedded by iFrame objects. But I don't want users to be able to insert any other iFrame except for YouTube (I am sure you can guess why)
So when the form is submitted I want to scan the $text variable for all iFrames and if they do not point to youtube.com or youtube-nocookie.com, remove those iFrame tags.
These are iFrames with allowed sources:
<iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube.com/embed/6dk-5HN4fvg" width="640"></iframe>
<iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube-nocookie.com/embed/IY37l4PDsao" width="640"></iframe>
The task:
- find the iFrame
- find the value of its SRC
- check if it is an allowed domain
- if not delete it, or disable it, but preserve the rest of the surrounding HTML
- check if there is another