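sanitize_iframe( $cache ); }

	/**
	 * Retrieves iframe element from HTML string and amends or appends the correct sandbox permissions.
	 *
	 * The whole input is replaced by one bare iframe element built from the attributes of the
	 * matched tag; because the leading `.*` is greedy, that is the last `<iframe` tag in the
	 * string when there are several. Tokens already present in a quoted sandbox attribute are
	 * kept, and the two required tokens are added in front of them.
	 *
	 * When the pattern does not match, preg_replace_callback() hands $html back unchanged, so the
	 * caller receives the original markup without any sandbox change. On a PCRE error it returns null.
	 *
	 * @param string $html HTML string.
	 * @return string|null iframe with correct sandbox permissions.
	 */
	private function sanitize_iframe( $html ) {
		return preg_replace_callback(
			// NOTE(review): the `<iframe` prefix and the named group are reconstructed from the
			// callback's use of $matches['iframe_attributes']; as shown on the page the pattern had
			// an unmatched `)` and no such group. Confirm against the project's copy of this file.
			// `[^>]+?` ends at the first `>`, so an attribute value containing `>` cuts the list short.
			'#^.*<iframe(?P<iframe_attributes>[^>]+?)>.*$#s',
			function ( $matches ) {
				$attrs = $matches['iframe_attributes'];

				// Amend the required keywords to the iframe's sandbox.
				// NOTE(review): existing tokens are preserved, so an incoming `allow-same-origin`
				// ends up next to `allow-scripts`. That pair only isolates content served from a
				// different origin than the embedding page. Confirm the embed source is always third-party.
				$sandbox  = 'allow-popups allow-scripts';
				$replaced = 0;

				// The lookbehind is case-sensitive and needs a quote directly after `sandbox=`.
				// An unquoted, bare or differently-cased sandbox attribute is therefore not amended.
				$attrs = preg_replace(
					'#(?<=\ssandbox=["\'])#',
					"{$sandbox} ", // whitespace is necessary to separate prior permissions.
					$attrs,
					1,
					$replaced
				);

				// If no sandbox attribute was found, then add the attribute.
				// NOTE(review): when the attribute exists in a form the lookbehind misses, this adds
				// a second one; how the downstream sanitizer resolves the duplicate is not visible here.
				if ( 0 === $replaced ) {
					$attrs .= sprintf( ' sandbox="%s"', $sandbox );
				}

				// The iframe sanitizer will convert this into an amp-iframe.
				// $attrs keeps its leading whitespace, so no separator is added after the tag name.
				return "<iframe{$attrs}></iframe>";
			},
			$html
		);
	}
}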