From 57a9ba4574e61a803c0a732135fe457733901850 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 31 Mar 2014 15:56:58 -0700
Subject: this is a mess and makes a complicated security model that one can
 probably drive a truck through. It will have to be fixed. It does make
 youtubes work again.

---
 include/bbcode.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'include/bbcode.php')

diff --git a/include/bbcode.php b/include/bbcode.php
index 6f6e43568..96242fdac 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -230,11 +230,10 @@ function bb_location($match) {
 function bbiframe($match) {
 	$a = get_app();
 
-	// use sandbox mode to prevent malicious goings on rather than host restriction
-	//	if(strpos($match[1],get_app()->get_hostname()))
-	//		return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
 
-	return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+	$sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
+
+	return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
 }
 
 function bb_ShareAttributesSimple($match) {
-- 
cgit v1.2.3