From 59b5d5f3e6df7264349c136b5e981cc355deaa96 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 25 Nov 2014 13:45:02 +0300 Subject: [PATCH] allow embedding videos from youtube and vimeo natively --- include/functions2.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/include/functions2.php b/include/functions2.php index 672373e6..866c92ec 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -826,6 +826,21 @@ } + function iframe_whitelisted($entry) { + $whitelist = array("youtube.com", "youtu.be", "vimeo.com"); + + @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); + + if ($src) { + foreach ($whitelist as $w) { + if ($src == $w || $src == "www.$w") + return true; + } + } + + return false; + } + function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { if (!$owner) $owner = $_SESSION["uid"]; @@ -894,7 +909,9 @@ $entries = $xpath->query('//iframe'); foreach ($entries as $entry) { - $entry->setAttribute('sandbox', 'allow-scripts'); + if (!iframe_whitelisted($entry)) { + $entry->setAttribute('sandbox', 'allow-scripts'); + } } -- 2.39.5