From 7c4b72e820ba2a04aaf3b4389714c30bfa284bcd Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 2 Feb 2015 23:23:30 +0100
Subject: only allow iframe https content
---
 appinfo/application.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'appinfo')
diff --git a/appinfo/application.php b/appinfo/application.php
index 749545ebb..dfbd81be4 100644
--- a/appinfo/application.php
+++ b/appinfo/application.php
@@ -124,8 +124,8 @@ class Application extends App {
 $config->set('Cache.SerializerPath', $directory);
 $config->set('HTML.SafeIframe', true);
 $config->set('URI.SafeIframeRegexp',
- '%^(?:https?:)?//(' .
- 'www.youtube(?:-nocookie)?.com/embed/|' .
+ '%^https://(?:www\.)?(' .
+ 'youtube(?:-nocookie)?.com/embed/|' .
 'player.vimeo.com/video/)%'); //allow YouTube and Vimeo
 return new HTMLPurifier($config);
 });
-- 
cgit v1.2.3
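Review bot: The host-name dots in `youtube(?:-nocookie)?.com` (added line) and `player.vimeo.com` (the context line after it) are still unescaped, so each matches any character, while the new `www\.` prefix is escaped. Since `URI.SafeIframeRegexp` is the allowlist for iframe sources, a host that differs from `player.vimeo.com` only at a dot position would still pass the https-only pattern. Escape them as well: `'youtube(?:-nocookie)?\.com/embed/|' .` and `'player\.vimeo\.com/video/)%');`. The optional `(?:www\.)?` now applies to both alternatives, so `www.player.vimeo.com` is accepted too; that looks harmless, but moving it inside the YouTube branch would keep the pattern exact. The enclosing closure starts above the hunk, so the rest of the purifier configuration is not visible here.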