diff options
| author | friendica <info@friendica.com> | 2014-03-31 15:56:58 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-03-31 15:56:58 -0700 |
| commit | 57a9ba4574e61a803c0a732135fe457733901850 (patch) | |
| tree | 220bfaf22477de7e381b5cf264b960bcec7bbbd1 /include/bbcode.php | |
| parent | 04d9187c7ac63b5af3f63ed8d04e737e5801d0e1 (diff) | |
| download | volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.gz volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.bz2 volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.zip | |
this is a mess and makes a complicated security model that one can probably drive a truck through. It will have to be fixed. It does make youtubes work again.
Diffstat (limited to 'include/bbcode.php')
| -rw-r--r-- | include/bbcode.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 6f6e43568..96242fdac 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -230,11 +230,10 @@ function bb_location($match) { function bbiframe($match) { $a = get_app(); - // use sandbox mode to prevent malicious goings on rather than host restriction - // if(strpos($match[1],get_app()->get_hostname())) - // return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; - return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; + $sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : ''); + + return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; } function bb_ShareAttributesSimple($match) { |