0

this is most probably something very simple so please excuse me.

i have a variable $postVideo and within in variable is the entire embed code for a you tube link:

<iframe width="420" height="315" 
        src="//www.youtube.com/embed/UF-6M06lPZo" 
        frameborder="0" allowfullscreen></iframe>

now when i do echo $postVideo; it does not display the you tube video it shows the code on my page and in view source its printing this:

&lt;iframe width=&quot;420&quot; 
height=&quot;315&quot; 
 src=&quot;//www.youtube.com/embed/UF-6M06lPZo&quot; frameborder=&quot;0&quot; 
 allowfullscreen&gt;&lt;/iframe&gt;

now i know i can have the user put in the youtube ID and i do it that way, but the users in my CMS may add multiple Video's from multiple sources so wanted them to just add the embed code supplied.

so i suppose the question is how do i print it without the special char so it acts like it should.

thank you in advance.

PS don't watch the video if you are offended by bad language (its just a random one from yourtube)

Improve this question
4
  • you missed http in iframe src url Commented Feb 21, 2014 at 17:19
  • Why there is \\ in front of the URL ? Commented Feb 21, 2014 at 17:19
  • amended as the code did not show as i wanted Commented Feb 21, 2014 at 17:20
  • 2
    @PravinS - nope just using // will pick up https or http depending on the requesting source (IE on a http page or HTTPs page) Commented Feb 21, 2014 at 17:20

1 Answer 1

Reset to default
2

It looks like your CMS is automatically converting HTML entities for you to prevent XSS attacks. You just need to perform the opposite conversion using html_entity_decode(). Like this:

echo html_entity_decode($postVideo);

Though, you should keep in mind you will be outputting any arbitrary HTML the user entered onto the page. This could present a security issue if the user enters some kind of malicious script.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

yes that's what i needed thank you so much html_entity_decode works perfect. yes the CMS in question is wordpress and the users will be work colleagues so i should not worry too much i hope.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.