modman wrote:Limadito wrote:Duckman wrote:And works like a charm... thanks modman (disabeled thanks button?)
Removing the "s" by hand will work for sure, the code I've suggested do that for the user (well, not exactly, but does the job... )

- Code: Select all
Warning
The BBCode you are trying to add seems to use a {TEXT} token inside a HTML attribute. This is a possible XSS security issue. Try using the more restrictive {SIMPLETEXT} or {INTTEXT} types instead. Only proceed if you understand the risks involved and you consider the use of {TEXT} absolutely unavoidable.
Yes, this is a stadard message while editing that bbCode, coming from the use of the {TEXT} token in the bbCode itself and no related to the mod proposed (try to modify the size attributes of the bbCode in use, and you will get the same warning). I've been using it for few years without security issues, but if you aren't sure, don't use it.

There is a way to avoid that warning, and is adding a video wrapper to the common.ccs file of the theme in use. This will allow the use of the newer YT player in HTML5 capable browsers (without using Flash layer), but won't work as a drop-in replacement (you will need to create a new tag for inserting video).
At the very end of your common.ccs, add:
- Code: Select all
/* Custom styles
---------------------------------------- */
.video-wrapper {
width: 640px;
max-width: auto;
}
.video-container {
position: relative;
padding-bottom: 56.25%;
padding-top: 30px;
height: 0;
overflow: hidden;
}
.video-container iframe, .video-container object, .video-container embed {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
}
The bbCode in use is
- Code: Select all
[yt]{IDENTIFIER}://{SIMPLETEXT}.youtube.com/watch?v={SIMPLETEXT2}[/yt]
And HTML Replacement is
- Code: Select all
<div class="video-wrapper">
<div class="video-container">
<iframe class="youtube-player" type="text/html" width="640" height="526" src="{IDENTIFIER}://{SIMPLETEXT}.youtube.com/embed/{SIMPLETEXT2}?rel=0" allowfullscreen frameborder="0"></iframe>
</div>
</div>
This bbCode will not trigger the warning mentioned above.