0

this is most probably something very simple so please excuse me.

i have a variable $postVideo and within in variable is the entire embed code for a you tube link:

<iframe width="420" height="315" 
        src="//www.youtube.com/embed/UF-6M06lPZo" 
        frameborder="0" allowfullscreen></iframe>

now when i do echo $postVideo; it does not display the you tube video it shows the code on my page and in view source its printing this:

&lt;iframe width=&quot;420&quot; 
height=&quot;315&quot; 
 src=&quot;//www.youtube.com/embed/UF-6M06lPZo&quot; frameborder=&quot;0&quot; 
 allowfullscreen&gt;&lt;/iframe&gt;

now i know i can have the user put in the youtube ID and i do it that way, but the users in my CMS may add multiple Video's from multiple sources so wanted them to just add the embed code supplied.

so i suppose the question is how do i print it without the special char so it acts like it should.

thank you in advance.

PS don't watch the video if you are offended by bad language (its just a random one from yourtube)

Improve this question
4
  • you missed http in iframe src url Commented Feb 21, 2014 at 17:19
  • Why there is \\ in front of the URL ? Commented Feb 21, 2014 at 17:19
  • amended as the code did not show as i wanted Commented Feb 21, 2014 at 17:20
  • 2
    @PravinS - nope just using // will pick up https or http depending on the requesting source (IE on a http page or HTTPs page) Commented Feb 21, 2014 at 17:20

1 Answer 1

Reset to default
2

It looks like your CMS is automatically converting HTML entities for you to prevent XSS attacks. You just need to perform the opposite conversion using html_entity_decode(). Like this:

echo html_entity_decode($postVideo);

Though, you should keep in mind you will be outputting any arbitrary HTML the user entered onto the page. This could present a security issue if the user enters some kind of malicious script.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

yes that's what i needed thank you so much html_entity_decode works perfect. yes the CMS in question is wordpress and the users will be work colleagues so i should not worry too much i hope.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.