diff options
| author | friendica <info@friendica.com> | 2014-03-30 15:01:51 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-03-30 15:01:51 -0700 |
| commit | b00478d3b5e6d12e2c726fbdde931b5e64ad5da9 (patch) | |
| tree | 94f033eaef7a89663e409acfd6e2681dd06029c8 /include | |
| parent | 9e5f4243941f3e7f3290698d1072895c1019d917 (diff) | |
| download | volse-hubzilla-b00478d3b5e6d12e2c726fbdde931b5e64ad5da9.tar.gz volse-hubzilla-b00478d3b5e6d12e2c726fbdde931b5e64ad5da9.tar.bz2 volse-hubzilla-b00478d3b5e6d12e2c726fbdde931b5e64ad5da9.zip | |
revise the sandbox
Diffstat (limited to 'include')
| -rw-r--r-- | include/bbcode.php | 2 | ||||
| -rwxr-xr-x | include/oembed.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index c8d1ab425..6f6e43568 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -234,7 +234,7 @@ function bbiframe($match) { // if(strpos($match[1],get_app()->get_hostname())) // return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; - return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; + return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; } function bb_ShareAttributesSimple($match) { diff --git a/include/oembed.php b/include/oembed.php index 46b1d72c4..691ef48fd 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; + return '<iframe sandbox="allow-scripts" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; } |