diff options
-rw-r--r-- | include/bbcode.php | 7 | ||||
-rwxr-xr-x | include/oembed.php | 5 |
2 files changed, 7 insertions, 5 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 6f6e43568..96242fdac 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -230,11 +230,10 @@ function bb_location($match) { function bbiframe($match) { $a = get_app(); - // use sandbox mode to prevent malicious goings on rather than host restriction - // if(strpos($match[1],get_app()->get_hostname())) - // return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; - return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; + $sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : ''); + + return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; } function bb_ShareAttributesSimple($match) { diff --git a/include/oembed.php b/include/oembed.php index 691ef48fd..42a9881ed 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -164,8 +164,11 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); + $sandbox = ((strpos($src,get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : ''); + $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return '<iframe sandbox="allow-scripts" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; + + return '<iframe ' . $sandbox . ' height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; } |