2 files changed, 12 insertions, 1 deletions

diff --git a/reader/sanitizer/sanitizer.go b/reader/sanitizer/sanitizer.go
index f13681b..b37a9af 100644
--- a/reader/sanitizer/sanitizer.go
+++ b/reader/sanitizer/sanitizer.go
@@ -17,7 +17,7 @@ import (
 )
 
 var (
-	youtubeEmbedRegex = regexp.MustCompile(`http[s]?://www\.youtube\.com/embed/(.*)`)
+	youtubeEmbedRegex = regexp.MustCompile(`//www\.youtube\.com/embed/(.*)`)
 )
 
 // Sanitize returns safe HTML.
@@ -291,6 +291,7 @@ func isBlacklistedResource(src string) bool {
 
 func isValidIframeSource(src string) bool {
 	whitelist := []string{
+		"//www.youtube.com",
 		"http://www.youtube.com",
 		"https://www.youtube.com",
 		"https://www.youtube-nocookie.com",
diff --git a/reader/sanitizer/sanitizer_test.go b/reader/sanitizer/sanitizer_test.go
index fab493a..8db0bda 100644
--- a/reader/sanitizer/sanitizer_test.go
+++ b/reader/sanitizer/sanitizer_test.go
@@ -203,6 +203,16 @@ func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) {
 	}
 }
 
+func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) {
+	input := `<iframe src="//www.youtube.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen"></iframe>`
+	expected := `<iframe src="https://www.youtube-nocookie.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen" sandbox="allow-scripts allow-same-origin"></iframe>`
+	output := Sanitize("http://example.org/", input)
+
+	if expected != output {
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
+	}
+}
+
 func TestReplaceIframeURL(t *testing.T) {
 	input := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0"></iframe>`
 	expected := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0" sandbox="allow-scripts allow-same-origin"></iframe>`