Announcement

Collapse
No announcement yet.

Need help migrating existing Youtube BB code to vBulletin video BB code

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Need help migrating existing Youtube BB code to vBulletin video BB code

    Before VB came out with their built-in video bb code we were using our own. I'd like to migrate my existing bb code to the new video bb code without having to touch de DB or having all my videos break. I need some assistance.

    Example URL from Youtube: http://www.youtube.com/watch?v=ZZv1vki4ou4

    Our existing bb code:
    PHP Code:
    [youtube]ZZv1vki4ou4[/youtube
    I think VB's built-in video code looks like this:
    PHP Code:
    [video=youtube;ZZv1vki4ou4]ZZv1vki4ou4[/video
    What I'd really like to do is leave my "[youtube][/youtube]" bb code markup intact and just change the parameters associated with it so that it safely displays what the VB video code displays (trying not to open myself to xss problems). Would someone please have a look and tell me how I would set this up? Thank you!


  • #2
    I am not sure what you are asking here.

    I have a vague idea and if I'm correct, you can't do that...

    Comment


    • #3
      Originally posted by CvP View Post
      I am not sure what you are asking here.
      The custom BB code that I was using to display Youtube videos (this predates VB's release of the built-in VIDEO bb code) has an xss vulnerability and I've chosen not to use it anymore. I've now having everyone post future videos using the VIDEO option. Problem is that there are about 900+ video posts that used my old "[youtube]whatever[/youtube]" bb code. Since the "[youtube]whatever[/youtube]" is already in place in each of those video posts I'd like to find a way to KEEP that BB code markup (just this part "[youtube]whatever[/youtube]") and edit all the parameters on the rest of the edit bb code page to clean it up. I figured since VB released a built-in video BB code that I could use its replacement code & parameters. Hopefully that makes more sense. Either way, what I'm needing is a clean, xss free way, of rewriting the existing Youtube bb code that I have in place.

      Comment


      • #4
        I'm also using the bbcode [youtube]code[/youtube]. My Replacement is the following:

        <iframe width="640" height="400" src="http://www.youtube.com/embed/{param}" frameborder="0" allowfullscreen></iframe>

        Do you think this has a xss vulnerability?

        Comment


        • #5
          Originally posted by Andy View Post
          Do you think this has a xss vulnerability?
          I'm sorry Danny, I wish I knew. I'm not a programmer so I have no idea. I was using this:

          PHP Code:
          <object width="640" height="360">
          <
          param name="movie" value="http://www.youtube.com/v/{param}"></param>
          <
          embed src="http://www.youtube.com/v/{param}" type="application/x-shockwave-flash" width="640" height="360"></embed>
          </
          object

          Comment


          • #6
            Originally posted by webtracker View Post
            I was using this:

            PHP Code:
            <object width="640" height="360">
            <
            param name="movie" value="http://www.youtube.com/v/{param}"></param>
            <
            embed src="http://www.youtube.com/v/{param}" type="application/x-shockwave-flash" width="640" height="360"></embed>
            </
            object
            That's the old Flash code which you don't need to use any more. I suggest updating your bbcode Replacement value with the one I'm using as I assume there isn't any vulnerability using that.

            Comment


            • #7
              Just use the one andy provided.

              Comment


              • #8
                Andy's is perfect!

                Comment


                • #9
                  Originally posted by Andy View Post
                  I'm also using the bbcode [youtube]code[/youtube]. My Replacement is the following:

                  <iframe width="640" height="400" src="http://www.youtube.com/embed/{param}" frameborder="0" allowfullscreen></iframe>

                  Do you think this has a xss vulnerability?
                  You should be mostly safe with this. Might want to add sandbox parameters on your iframe tag.

                  http://www.w3schools.com/tags/att_iframe_sandbox.asp
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud customization and demonstration site.
                  vBulletin 5 Documentation - Updated every Friday. Report issues here.
                  vBulletin 5 API - Full / Mobile
                  I am not currently available for vB Messenger Chats.

                  Comment

                  Related Topics

                  Collapse

                  Working...
                  X