harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

this is a mess and makes a complicated security model that one can probably drive a truck through. It will have to be fixed. It does make youtubes work again.

Browse Source
This commit is contained in:
friendica
2014-03-31 15:56:58 -07:00
parent 04d9187c7a
commit 57a9ba4574
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/bbcode.php
View File

@@ -230,11 +230,10 @@ function bb_location($match) {
function bbiframe($match) {
$a = get_app();
// use sandbox mode to prevent malicious goings on rather than host restriction
// if(strpos($match[1],get_app()->get_hostname()))
// return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
$sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
}
function bb_ShareAttributesSimple($match) {