I have a form that will allow the client to add a Google Maps link code. I may change this to an embedded map.
Right now, I check all entries in the form to try to avoid code injection. What should I check to allow on a Google map? I am currently using preg_match on my other entries, but so far, I have not found the right combination to eliminate the bad entries and still allow Google Maps links to be added.
Where can I find something that will work, or is there a better solution?
I presume that the article will be added by your client as a trusted user (administrator of the site), not a site visitor. What I would do is add a certain key with some parameters, e.g. #GOOGLE_MAP:lat=x,lng=x,radius=x#, and replace it dynamically while loading. This way you don't have to worry about filtering malicious code.
Yes, I have the form available only to someone with the role of administrator.
The idea was that they could copy the code from a Google map and paste that code into the form. I feel that should be safe, but wanted to be sure there was nothing malicious inserted.
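One way to handle the pasted embed code discussed in this thread, as an added example that is not from any of the posters: take only the iframe's src out of the paste, check it against a strict pattern, and rebuild the iframe yourself so nothing else in the paste reaches the page. The function name, the sample inputs, and the assumption that Google's embed snippet uses a src of the form https://www.google.com/maps/embed?pb=... with a conservative character set are mine.

```php
<?php
// Added example. Assumption: the pasted snippet is Google's "Embed a map"
// <iframe>, whose src looks like https://www.google.com/maps/embed?pb=...
// google_map_embed_from_paste() is a hypothetical helper name.

function google_map_embed_from_paste(string $pasted): ?string
{
    if (trim($pasted) === '') {
        return null;
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // pasted markup may be malformed
    $ok = $doc->loadHTML($pasted, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        return null;
    }

    // Exactly one iframe is expected; everything else in the paste is ignored.
    $iframes = $doc->getElementsByTagName('iframe');
    if ($iframes->length !== 1) {
        return null;
    }
    $src = $iframes->item(0)->getAttribute('src'); // entity-decoded by the parser

    // Anchored allow-list: fixed scheme, host and path, conservative value set.
    // \A and \z stop a trailing newline or extra text from slipping through.
    $pattern = '#\Ahttps://www\.google\.com/maps/embed\?pb=[A-Za-z0-9!%._~+-]+\z#';
    if (preg_match($pattern, $src) !== 1) {
        return null;
    }

    // Emit our own markup; no attribute from the paste other than src survives.
    $safe = htmlspecialchars($src, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<iframe src="' . $safe . '" width="600" height="450"'
         . ' style="border:0" loading="lazy"'
         . ' referrerpolicy="no-referrer-when-downgrade"></iframe>';
}

// Constructed sample inputs (the pb values are made up, not real map data).
$samples = [
    '<iframe src="https://www.google.com/maps/embed?pb=!1m18!1m12!1d1000.5!2d-0.1276!3d51.5072!5e0" width="600"></iframe>',
    '<iframe src="https://www.google.com/maps/embed?pb=!1m18" onload="x()"></iframe>',
    '<iframe src="https://example.com/maps/embed?pb=!1m18"></iframe>',
    'https://www.google.com/maps/embed?pb=!1m18',
];
foreach ($samples as $s) {
    var_dump(google_map_embed_from_paste($s));
}
```

Store the rebuilt markup (or just the validated src) rather than the raw paste, and run the same check again when rendering if the stored value can be edited elsewhere.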