Whats the best way to allow embedded content from another site
I'm building a blogging application at the moment and I am wondering what the best way to allow users to embed youtube/spotify/soundcloud content into the blog posts. From what I understand simply wrapping the post in html_safe could leave the site open to attacks if someone with not the best intentions gets login credentials.
The other option I thought of was letting users paste the urls (youtube.com/watch....) and generating the embed code by parsing the video id from the url. This seems like a lot of work to implement for each website and I'd rather not go messing around with regexes. I guess this is a common feature for sites and I was wondering what the standard way of doing this is.
Hey Daniel,
There's a concept called OEmbed that was designed to let services define their own embed codes. You just give their site the URL you want to embed and then send you JSON back on how to embed it.
There's a Ruby library for it that is pretty useful: https://github.com/ruby-oembed/ruby-oembed
This is the approach I'm using on Jumpstart Pro to provide embed codes in ActionText.