diff options
| author | Andrew Dolgov <[email protected]> | 2014-11-25 13:45:02 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2014-11-25 13:45:02 +0300 |
| commit | 59b5d5f3e6df7264349c136b5e981cc355deaa96 (patch) | |
| tree | 9131ff2132679a635e95c4e9a738c04c01e51274 /include/functions2.php | |
| parent | 84c6f17deb6d35f3d1ef4738488b20f4ae4bcf34 (diff) | |
allow embedding videos from youtube and vimeo natively
Diffstat (limited to 'include/functions2.php')
| -rw-r--r-- | include/functions2.php | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/include/functions2.php b/include/functions2.php index 672373e6d..866c92ec9 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -826,6 +826,21 @@ } + function iframe_whitelisted($entry) { + $whitelist = array("youtube.com", "youtu.be", "vimeo.com"); + + @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); + + if ($src) { + foreach ($whitelist as $w) { + if ($src == $w || $src == "www.$w") + return true; + } + } + + return false; + } + function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { if (!$owner) $owner = $_SESSION["uid"]; @@ -894,7 +909,9 @@ $entries = $xpath->query('//iframe'); foreach ($entries as $entry) { - $entry->setAttribute('sandbox', 'allow-scripts'); + if (!iframe_whitelisted($entry)) { + $entry->setAttribute('sandbox', 'allow-scripts'); + } } |