diff --git a/app/assets/javascripts/pretty-text/pretty-text.js.es6 b/app/assets/javascripts/pretty-text/pretty-text.js.es6
index eb493b3640a..9c7a814940a 100644
--- a/app/assets/javascripts/pretty-text/pretty-text.js.es6
+++ b/app/assets/javascripts/pretty-text/pretty-text.js.es6
@@ -62,7 +62,7 @@ export function buildOptions(state) {
lookupImageUrls,
censoredWords,
allowedHrefSchemes: siteSettings.allowed_href_schemes ? siteSettings.allowed_href_schemes.split('|') : null,
- allowedIframes: (siteSettings.allowed_iframes || '').split('|'),
+ allowedIframes: siteSettings.allowed_iframes ? siteSettings.allowed_iframes.split('|') : [],
markdownIt: true,
previewing
};
diff --git a/test/javascripts/lib/sanitizer-test.js.es6 b/test/javascripts/lib/sanitizer-test.js.es6
index cc5dcb205cb..8650bc90bae 100644
--- a/test/javascripts/lib/sanitizer-test.js.es6
+++ b/test/javascripts/lib/sanitizer-test.js.es6
@@ -4,7 +4,9 @@ import { hrefAllowed } from 'pretty-text/sanitizer';
QUnit.module("lib:sanitizer");
QUnit.test("sanitize", assert => {
- const pt = new PrettyText(buildOptions({ siteSettings: {} }));
+ const pt = new PrettyText(buildOptions({ siteSettings: {
+ "allowed_iframes": 'https://www.google.com/maps/embed?|https://www.openstreetmap.org/export/embed.html?'
+ } }));
const cooked = (input, expected, text) => assert.equal(pt.cook(input), expected.replace(/\/>/g, ">"), text);
assert.equal(pt.sanitize("bug"), "bug");
@@ -28,8 +30,8 @@ QUnit.test("sanitize", assert => {
"",
"it allows iframe to google maps");
- cooked("",
- "",
+ cooked("",
+ "",
"it allows iframe to OpenStreetMap");
assert.equal(pt.sanitize(""), "hullo");