How to validate embed tag?
I'm allowing users to embed content from YouTube, Vimeo, Scribd, Flickr, SlideShare, etc., and therefore I'm allowing them to paste the embed code in a textbox.
I'm having a hard time figuring out how to:
(a) validate that it's indeed a correctly formed embed code and
(b) whether it's not any malicious code that the user is trying to get my system to display.
This is a PHP website.
I've used HTML Purifier in the past. There are some others, but this one worked the best for me. You can whitelist all allowed code constructs and make the HTML code standards-compliant. It's a good first line of defense against XSS attacks.
The library is quite big and can slow down your code if you don't install it correctly, so read the install docs carefully.
We will be implementing a system where we ask the user to specify the direct URL and we go and subsequently fetch appropriate data from that page.
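One way to apply the URL-based approach from the last post, shown as an added example that is not part of the original thread: accept only a URL, match it against a host allowlist, and generate the iframe markup server-side so no user-supplied HTML is ever rendered. The function name `embedFromUrl`, the chosen hosts, and the ID patterns (11-character YouTube IDs, numeric Vimeo IDs) are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns trusted iframe markup, or null if the URL is rejected.
function embedFromUrl(string $url): ?string
{
    $p = parse_url(trim($url));
    // Require plain https with no credentials or custom port.
    if ($p === false || ($p['scheme'] ?? '') !== 'https'
        || isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;
    }
    $host = strtolower($p['host'] ?? '');
    $path = $p['path'] ?? '';
    parse_str($p['query'] ?? '', $q);

    // Exact host match only; suffix or substring checks are bypassable.
    switch ($host) {
        case 'www.youtube.com':
            $id = ($path === '/watch' && is_string($q['v'] ?? null)) ? $q['v'] : '';
            if (!preg_match('/\A[A-Za-z0-9_-]{11}\z/', $id)) return null;
            $src = 'https://www.youtube.com/embed/' . $id;
            break;
        case 'youtu.be':
            if (!preg_match('#\A/([A-Za-z0-9_-]{11})\z#', $path, $m)) return null;
            $src = 'https://www.youtube.com/embed/' . $m[1];
            break;
        case 'vimeo.com':
            if (!preg_match('#\A/(\d{1,12})\z#', $path, $m)) return null;
            $src = 'https://player.vimeo.com/video/' . $m[1];
            break;
        default:
            return null;
    }
    // Only the validated ID reaches the output; escape anyway as defense in depth.
    return sprintf('<iframe src="%s" width="560" height="315" frameborder="0" allowfullscreen></iframe>',
        htmlspecialchars($src, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample inputs: two accepted forms and three that must be rejected.
foreach ([
    'https://www.youtube.com/watch?v=abcdefghijk',
    'https://vimeo.com/123456',
    'javascript:alert(1)',
    'https://www.youtube.com.evil.example/watch?v=abcdefghijk',
    'https://vimeo.com/123"><script>',
] as $input) {
    echo $input, ' => ', embedFromUrl($input) ?? 'REJECTED', "\n";
}
```

Store the validated URL or ID rather than the generated markup, so the allowlist and the iframe template can be tightened later without rewriting saved content.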