1👍
✅
What I do on my site is have users submit a link to the YouTube video. No embed stuff, just the link. Then I use the oEmbed API to ask YouTube for the embed HTML code for the given link. If you trust YouTube, you can then use the HTML they give you without escaping it.
I’ve been doing this for 6 months now, and it works really great.
3👍
The user should never be able to insert HTML directly. Look into django-oembed.
This way the user will only have to paste in the URL, and oEmbed will match it and switch the matched URLs automatically with object embed code.
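
An added example, not part of either answer above and not django-oembed's code: the link-only flow the first answer describes, checking that the submitted value is an https YouTube link, building the oEmbed request for it, and taking the embed HTML from the provider's response. The allowed-host list, the function names and the sample response are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlparse

# Assumption: hosts this site accepts as YouTube links; adjust to your policy.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com", "youtu.be"}
OEMBED_ENDPOINT = "https://www.youtube.com/oembed"


def oembed_request_url(user_link):
    """Validate a user-submitted link and return the oEmbed URL to fetch for it.

    Raises ValueError for anything that is not a plain https YouTube link, so
    user-supplied HTML or links to other hosts never reach the page or the fetch.
    """
    link = user_link.strip()
    parts = urlparse(link)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("not a YouTube link")
    if parts.username or parts.password or parts.port:
        raise ValueError("unexpected URL components")
    return OEMBED_ENDPOINT + "?" + urlencode({"url": link, "format": "json"})


def embed_html_from_response(body):
    """Return the provider's embed HTML from an oEmbed JSON response body."""
    data = json.loads(body)
    if data.get("type") != "video" or not isinstance(data.get("html"), str):
        raise ValueError("unexpected oEmbed response")
    # Rendered unescaped only because it came from the provider, not the user.
    return data["html"]


# Constructed sample, shaped like an oEmbed "video" response (not a real reply).
SAMPLE_RESPONSE = json.dumps({
    "type": "video", "version": "1.0", "provider_name": "YouTube",
    "html": '<iframe width="200" height="113" '
            'src="https://www.youtube.com/embed/VIDEO_ID"></iframe>',
})

if __name__ == "__main__":
    print(oembed_request_url("https://www.youtube.com/watch?v=VIDEO_ID"))
    print(embed_html_from_response(SAMPLE_RESPONSE))
```

In a Django view, the returned HTML would be stored alongside the link and marked safe at render time, while the user's own input is only ever treated as a URL.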
Source:stackexchange.com