Allowing users to post youtube videos to your Ruby on Rails web app

Posted on 12 April 2008

This method allows your users to post youtube videos without exposing yourself to the vulnerabilities of them pasting in any script they like.

They can paste in either the embed code or the url for a video page and we will store this in the database and write a method on the model to extract the relevant video ID and then build the youtube embed code on the page ourselves.

Enough chat here's the ruby. Note that the database field we store the original user pasted code is called 'video code'

require 'hpricot'
class Video < ActiveRecord::Base
 def video_id
    unless video_code.nil?    
      # Check whether Youtube embed code was entered
      doc = Hpricot.parse(video_code)
    
      #Check if there is a movie param
      embed_url = if (element = doc % "//param[@name='movie']")
        element.attributes["value"]
      elsif (element = doc % "//embed") #Check for the movie code in the embed element
        element.attributes["src"]
      end
    
      #If we have pulled out a URL from the embed code, get the v param
      if embed_url && (match = %r{/v/(\w+)&}.match(embed_url))
        return match[1]
      end
    
      #If the user entered the video page url
      query_string = video_code.split( '?', 2)[1]
      if query_string
        params = CGI.parse(query_string)
        if params.has_key?("v")
          return params["v"][0]
        end
      end
    end
  end
end

Note that you need the hpricot gem to parse the text entered by the user.

sudo gem install hpricot

We can then use the video_id method to pull out the id and generate the youtube code safely...

<div class="youtube_video">
    <object width="425" height="355">
        <param name="movie" value="http://www.youtube.com/v/#{video_id}&hl=en"></param>
        <param name="wmode" value="transparent"></param>
        <embed src="http://www.youtube.com/v/#{video_id}&hl=en" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed>
    </object>
</div>

Articles Archive →

About Paul

Paul works for Kyan web design agency in Surrey, UK as a Ruby on Rails developer.

Follow Paul on Twitter

Email: paulsturgess [at] gmail.com

Read more articles in the archive →

Comments...

  • Not the nicest way to go, but there are not too many options, right? :) thanks, that was usefull

    medwezys at 17 Dec 09 at 02:35

  • maybe this is an option: http://stackoverflow.com/questions/1970903/only-allow-video-embed-codes-rails

    kalle at 24 Mar 10 at 16:27

  • Fantastic Post.
    But, once we have videos, say i want to paginate them.Like shown here:http://justletmesing.com/leaderboard.php
    How can i do that? :)
    And thanks again for the wonderful post

    santu at 14 Feb 11 at 04:48

  • @santu: use the will_paginate gem to paginate a collection of results

    Rob at 10 May 11 at 08:10

  • Fantastic tutorial, thanks a whole lot! And it still works, except that for embedding html code you can use <iframe width="560" height="349" src="http://www.youtube.com/embed/#{video_id}"></iframe>

    konstantin at 12 Jun 11 at 18:47

  • Do you have a version of this that works for the latest embed code? This doesn't seem to work for Youtube's new <iframe> embed code.

    Scott Greenfield at 26 Jun 11 at 17:04

  • yeah it works good, but it will be better if auto_html gem is used.It is simple to use in our app.

    https://github.com/dejan/auto_html

    Abhiram at 09 Mar 12 at 11:45

Got something to say?