diff options
| author | Andrew Dolgov <[email protected]> | 2013-03-19 12:49:55 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2013-03-19 12:49:55 +0400 |
| commit | 4f7d69e1856a611025f53eef273e5af039d9aa16 (patch) | |
| tree | 9a5d2a357486bf32c53e42f979c91fcd297e9904 /include | |
| parent | 55783ca45c7d87a671796842386afd0f5eb31b89 (diff) | |
detect whether browser supports iframe.sandbox and allow iframes accordingly; allow object and embed elements
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php index 0e5d15eaf..50bdc13ae 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2626,7 +2626,9 @@ $allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th', 'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img', - 'iframe', 'video', 'audio', 'source'); + 'video', 'audio', 'source', 'object', 'embed'); + + if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe'); $disallowed_attributes = array('id', 'style', 'class'); |