diff options
| author | friendica <info@friendica.com> | 2014-03-31 15:56:58 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-03-31 15:56:58 -0700 |
| commit | 57a9ba4574e61a803c0a732135fe457733901850 (patch) | |
| tree | 220bfaf22477de7e381b5cf264b960bcec7bbbd1 /include/oembed.php | |
| parent | 04d9187c7ac63b5af3f63ed8d04e737e5801d0e1 (diff) | |
| download | volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.gz volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.tar.bz2 volse-hubzilla-57a9ba4574e61a803c0a732135fe457733901850.zip | |
this is a mess and makes a complicated security model that one can probably drive a truck through. It will have to be fixed. It does make youtubes work again.
Diffstat (limited to 'include/oembed.php')
| -rwxr-xr-x | include/oembed.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/include/oembed.php b/include/oembed.php index 691ef48fd..42a9881ed 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -164,8 +164,11 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); + $sandbox = ((strpos($src,get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : ''); + $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return '<iframe sandbox="allow-scripts" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; + + return '<iframe ' . $sandbox . ' height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; } |