Maybe you guys could help me out a little bit. I'm a little stuck. On my site, I would like to allow embeded links to sites like Youtube and other corresponding video sharing sites. However, all of my attempts to ask on the Boonex forums seem to draw a blank.
My site is oriented towards members adding their own tutorials, and with tutorials usually come videos. Rather than posting up a link, I would love my members the possiblity to just have embeded videos. This obviously would keep my members and the guests that might read these tutorials at my site rather than being linked elsewhere.
Can anyone possibly point to any kinds of information on what files and code needs to be modified to do this?
I would like to add this feature to Profiles, Blogs, and Articles.
Hello and Welcome aboard!!
You would need to be careful about what kind of code is allowed for a member to post. Code related to embedding is a touchy subject it seems with dolphin.
I haven't tried to embed a video as a member on my site lately. I can embed them by editing the database directly, but this wouldn't help your members.
There is a check that happens and it will strip out some of the un-allowed code. You can try this to see if it strips the code as a general/standard member. Login as a normal member. Post a blog or article. In the article where you write your content there should be a little "HTML" button in the upper right. Click on that and a new window opens to paste html code. Paste your embed code into there and then hit the update button. Then post your blog or article. If it works then your members can use this method or there is a hidden button for embedding videos in the editor that can be enabled or turned on that makes embedding a little easier. It sometimes screws up though, but you could play around with it.
If it doesn't work it means the code is being stripped by safehtml. You can edit safehtml to allow the particular code you want so it don't strip it anymore. However this is very dangerous and you could potentially be setting your site up for trouble.
I did edit safehtml with an earlier version of dolphin to allow embedding, but haven't messed with it much lately in this version.
On a site note, not sure if you did it on purpose or not, but on your profile page here at this site your website is missing part of the http, it only has htp. If you update it with the other t it will be clickable by other visitors. If you did this on purpose not a problem either.
Thanks for the info, and definitely for the speedy response. I got nowhere on the boonex forums when asking this question.
That is something I've been hearing is that there is a security risk, but I will check out safehtml and see if there is a way just to allow for video embeds.
Just a thought when it comes to the programmers down at Dolphin... or maybe even a freelance programmer to write a script making only certain websites able to be included for embeds. I know there are some on here that know their shit when it comes to modifying Dolphin script, so that might be a good mod to even make some cash off of.
Also, thanks for the heads up about my website link. It was accidental. I'll change it now.
Safehtml is basically the file that strips unwanted and unsafe code. You can simply edit the file to alter what is stripped and what is not stripped.
If you test with the above mentioned and you embeded video does work I can tell you how to show the embed plugin that is hidden and not available in the editor for your users.
If it don't work, then you would have to edit safehtml to allow embed related codes first.
I can't tell you to do it or not to do it. I don't recommend it but I have done it before and probably could round up a older safehtml edit that will allow embeded codes from the previous verion of dolphin.
Most members will not know any better, but if you have a busy and active site there is always the chance that you will find the so called hacker or bad guy that just wants to mess up your site.
I modified the safethml and now am able to have videos posted. I'm just wondering what kind of security issues may come having it? From what I have seen, my members (getting some from my forum) are pretty loyal. Of course, there is always the possibility of the jerkoffs out there that could post up malicious code.
The only two fields removed from safehtml were "emded" and "object" so all videos could be added.
Now, before I had one time where I had issues with my forum (SMF forum) where one of my affiliate links was Java, and the site decided to add a redirect line to that script the link was pointing to. That I obviously removed after finding it out.
What kind of security risks am I looking at with having "embed" and "object" removed from safehtml?
Try a google search for embed video exploits or xss and similar. There are a number you can find from injecting malicious code into the database to stealing passwords and logins. Most people will not have a clue, but it seems like there will always be someone that has nothing better to do than to try and mess your site up.
I hear ya man. I'm going to search around and see what possible extensions I could block making it only able to have embeded videos.
I did get around to reading a couple of certain exploits and how they are implicated and used to exploit the site and users. Either way, I'm sure we are all hoping that Dolphin finds the same ways to block these exploits as MySpace and Facebook have. One good modification, if available or will be in the future, would be able to have the site redirect when clicking on a link that is pointing you to an external site. I see this being extremely beneficial for web forums like vBulletin and others.
I noticed myspace did something like this a while back. If you post an external link on your page, comment, or elsewhere it will now prompt you that you are leaving myspace...are you sure this is what you want. Some kind of warning anyway.
Kind of a nice feature, but that also means no backlink from them anymore. Oh well, I never really used myspace for promoting other sites, but some people do or did I guess.