diff --git a/customembed.js b/customembed.js
new file mode 100644
index 00000000..6cdb844e
--- /dev/null
+++ b/customembed.js
@@ -0,0 +1,17 @@
+const allowed = ["iframe", "object", "param", "embed"];
+const tag_re = /<\s*\/?\s*([a-z]+)(\s*([a-z]+)\s*=\s*('[^']*'|"[^"]*"|[^"'>]*))*\s*>/ig;
+
+function filter(str) {
+    str = str.replace(tag_re, function (match, tag) {
+        if(!~allowed.indexOf(tag.toLowerCase())) {
+            return match.replace("<", "&lt;").replace(">", "&gt;");
+        }
+        return match;
+    });
+    str = str.replace(/(\bon\w*\s*=\s*('[^']*'|"[^"]"|[^\s><]*))/ig, function () {
+        return "";
+    });
+    return str;
+}
+
+exports.filter = filter;