General developer forum

validating iframe content in atto without touch the core code

 
6
validating iframe content in atto without touch the core code
 

I want to add a validation in atto editor.
I don't want to allow iframe tags that embed content from ANY site but rather from pre-defined domains which I will specify in the code.

this validation will search the submitted content for any iframe tags and if it comes across one that it's "src" property is not in the domain white list - prompt the user with a friendly message such as "you embedded an iframe to an unauthorized site, please remove it and re-submit"

and this must be a server side validation, not a client side one.

I already wrote the block of PHP code that checks the submitted content against the white list but the question is where do I put this code so that the next time I'm upgrading moodle - it won't get overwritten?


I'm using moodle 3.1 by the way.

 
Average of ratings: -