only allow iframe https content

author: Bernhard Posselt <dev@bernhard-posselt.com> 2015-02-02 23:23:30 +0100
committer: Bernhard Posselt <dev@bernhard-posselt.com> 2015-02-05 15:24:32 +0100
commit: 7c4b72e820ba2a04aaf3b4389714c30bfa284bcd (patch)
tree: ed9f3d2ca5a11a97b207d0d4b276879ba62b55a0 /appinfo
parent: b02ea08db40dae100cd927b22afa8d349570c57e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/appinfo/application.php b/appinfo/application.php
index 749545ebb..dfbd81be4 100644
--- a/appinfo/application.php
+++ b/appinfo/application.php
@@ -124,8 +124,8 @@ class Application extends App {
             $config->set('Cache.SerializerPath', $directory);
             $config->set('HTML.SafeIframe', true);
             $config->set('URI.SafeIframeRegexp',
-                '%^(?:https?:)?//(' .
-                'www.youtube(?:-nocookie)?.com/embed/|' .
+                '%^https://(?:www\.)?(' .
+                'youtube(?:-nocookie)?.com/embed/|' .
                 'player.vimeo.com/video/)%'); //allow YouTube and Vimeo
             return new HTMLPurifier($config);
         });
author	Bernhard Posselt <dev@bernhard-posselt.com>	2015-02-02 23:23:30 +0100
committer	Bernhard Posselt <dev@bernhard-posselt.com>	2015-02-05 15:24:32 +0100
commit	7c4b72e820ba2a04aaf3b4389714c30bfa284bcd (patch)
tree	ed9f3d2ca5a11a97b207d0d4b276879ba62b55a0 /appinfo
parent	b02ea08db40dae100cd927b22afa8d349570c57e (diff)