aboutsummaryrefslogtreecommitdiffstats
path: root/include/bbcode.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-03-31 15:56:58 -0700
committerfriendica <info@friendica.com>2014-03-31 15:56:58 -0700
commit57a9ba4574e61a803c0a732135fe457733901850 (patch)
tree220bfaf22477de7e381b5cf264b960bcec7bbbd1 /include/bbcode.php
parent04d9187c7ac63b5af3f63ed8d04e737e5801d0e1 (diff)
downloadvolse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.gz
volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.bz2
volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.zip
this is a mess and makes a complicated security model that one can probably drive a truck through. It will have to be fixed. It does make youtubes work again.
Diffstat (limited to 'include/bbcode.php')
-rw-r--r--include/bbcode.php7
1 files changed, 3 insertions, 4 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index 6f6e43568..96242fdac 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -230,11 +230,10 @@ function bb_location($match) {
function bbiframe($match) {
$a = get_app();
- // use sandbox mode to prevent malicious goings on rather than host restriction
- // if(strpos($match[1],get_app()->get_hostname()))
- // return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
- return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+ $sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
+
+ return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
}
function bb_ShareAttributesSimple($match) {