From 3fbdc749e0600779764f073d13f79e819f0ca5f6 Mon Sep 17 00:00:00 2001
From: Neil Lathwood <neil@lathwood.co.uk>
Date: Sat, 3 Jun 2017 17:14:16 +0100
Subject: [PATCH] webui: Allow iframe in notes widget (#6773)

* webui: Allow iframe in notes widget

* added height+width to notes widget
---
 html/includes/common/notes.inc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/html/includes/common/notes.inc.php b/html/includes/common/notes.inc.php
index 02635bde5b..c25053abf9 100644
--- a/html/includes/common/notes.inc.php
+++ b/html/includes/common/notes.inc.php
@@ -35,9 +35,13 @@ if (defined('SHOW_SETTINGS') || empty($widget_settings)) {
 } else {
     $tmp_config = array(
         'HTML.Allowed'    => 'b,iframe,i,ul,li,h1,h2,h3,h4,br,p',
+        'HTML.AllowedAttributes'    => 'iframe@src,iframe@width,iframe@height',
+        'HTML.AllowedElements' => array('iframe'),
         'HTML.Trusted'    => true,
         'HTML.SafeIframe' => true,
+        'URI.SafeIframeRegexp' => '%^(https?:)?//%',
     );
     $common_output[] = display(nl2br($widget_settings['notes']), $tmp_config);
+    //print_r($common_output);exit;
     unset($tmp_config);
 }