Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-20 01:15:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

this is a mess and makes a complicated security model that one can probably drive a truck through. It will have to be fixed. It does make youtubes work again.

Browse source
This commit is contained in:
friendica 2014-03-31 15:56:58 -07:00
parent 04d9187c7a
commit 57a9ba4574
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
include/bbcode.php
View file

@ -230,11 +230,10 @@ function bb_location($match) {
function bbiframe($match) {
$a = get_app();
// use sandbox mode to prevent malicious goings on rather than host restriction
// if(strpos($match[1],get_app()->get_hostname()))
// return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
return '<iframe sandbox="allow-scripts" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
$sandbox = ((strpos($match[1],get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
}
function bb_ShareAttributesSimple($match) {

5
include/oembed.php
View file

@ -164,8 +164,11 @@ function oembed_iframe($src,$width,$height) {
$a = get_app();
$sandbox = ((strpos($src,get_app()->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
$s = $a->get_baseurl()."/oembed/".base64url_encode($src);
return '<iframe sandbox="allow-scripts" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
return '<iframe ' . $sandbox . ' height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
}