diff --git a/classes/rpc.php b/classes/rpc.php
index 5d77b1ae8..b297bbade 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -285,6 +285,7 @@ class RPC extends Handler_Protected {
 
 	function sanityCheck() {
 		$_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
+		$_SESSION["hasSandbox"] = $_REQUEST["hasSandbox"] === "true";
 
 		$reply = array();
 
diff --git a/include/functions.php b/include/functions.php
index 0e5d15eaf..50bdc13ae 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2626,7 +2626,9 @@
 
 		$allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th',
 			'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img',
-			'iframe', 'video', 'audio', 'source');
+			'video', 'audio', 'source', 'object', 'embed');
+
+		if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe');
 
 		$disallowed_attributes = array('id', 'style', 'class');
 
diff --git a/js/tt-rss.js b/js/tt-rss.js
index 5ada64d31..5968f58eb 100644
--- a/js/tt-rss.js
+++ b/js/tt-rss.js
@@ -244,9 +244,11 @@ function init() {
 		loading_set_progress(20);
 
 		var hasAudio = !!((myAudioTag = document.createElement('audio')).canPlayType);
+		var hasSandbox = "sandbox" in document.createElement("iframe");
 
 		new Ajax.Request("backend.php",	{
-			parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio},
+			parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio,
+				hasSandbox: hasSandbox},
 			onComplete: function(transport) {
 					backend_sanity_check_callback(transport);
 				} });