no_iframes: remove everything except good iframes

diff --git a/plugins/no_iframes/init.php b/plugins/no_iframes/init.php
index c66d7abafa718f9f0349307f50566f83aa5dd2cb..35f7187f5843827a1aab8a61a3e40440eea32c41 100644 (file)
--- a/plugins/no_iframes/init.php
+++ b/plugins/no_iframes/init.php
@@ -4,7 +4,7 @@ class No_Iframes extends Plugin {
 
        function about() {
                return array(1.0,
-                       "Remove embedded iframes",
+                       "Remove embedded iframes (unless whitelisted)",
                        "fox");
        }
 
@@ -16,7 +16,13 @@ class No_Iframes extends Plugin {
 
        function hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes) {
 
-               $allowed_elements = array_diff($allowed_elements, array("iframe"));
+               $xpath = new DOMXpath($doc);
+               $entries = $xpath->query('//iframe');
+
+               foreach ($entries as $entry) {
+                       if (!iframe_whitelisted($entry))
+                               $entry->parentNode->removeChild($entry);
+               }
 
                return array($doc, $allowed_elements, $disallowed_attributes);
        }