From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Fri, 18 Dec 2020 06:17:49 +0000 (-0500)
Subject: Allow support for allowlisted iframe sources in Content\text\BBCode::convert
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=0781f28ca6e8ac9fe9a2ebf0707db7952a148b5e;p=friendica.git

Allow support for allowlisted iframe sources in Content\text\BBCode::convert

- Support Youtube, Vimeo and unused local embeds
---

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index e41511f5a3..2563194f2c 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1876,6 +1876,14 @@ class BBCode
 
 		$config = \HTMLPurifier_HTML5Config::createDefault();
 		$config->set('HTML.Doctype', 'HTML5');
+		$config->set('HTML.SafeIframe', true);
+		$config->set('URI.SafeIframeRegexp', '%^(?:
+			https://www.youtube.com/embed/
+			|
+			https://player.vimeo.com/video/
+			|
+			' . DI::baseUrl() . '/oembed/ # Has to change with the source in Content\Oembed::iframe
+		)%xi');
 		$config->set('Attr.AllowedRel', [
 			'noreferrer' => true,
 			'noopener' => true,