diff --git a/main/inc/lib/htmlpurifier/library/HTMLPurifier/Filter/AllowIframes.php b/main/inc/lib/htmlpurifier/library/HTMLPurifier/Filter/AllowIframes.php
new file mode 100644
index 0000000000..09980ddbb6
--- /dev/null
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/Filter/AllowIframes.php
@@ -0,0 +1,65 @@
+#i', '', $html);
+ return $html;
+ }
+
+ /**
+ *
+ * @param string $html
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return string
+ */
+ public function postFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
+ {
+ $post_regex = '#
]+?)>#';
+ return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
+ }
+
+ /**
+ *
+ * @param array $matches
+ * @return string
+ */
+ protected function postFilterCallback($matches)
+ {
+ // Domain Whitelist
+ $youTubeMatch = preg_match('#src="(https:)?//www.youtube(-nocookie)?.com/#i', $matches[1]);
+ $vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]);
+ $googleMapsMatch = preg_match('#src="https://maps.google.com/#i', $matches[1]);
+
+ if ($youTubeMatch || $vimeoMatch || $googleMapsMatch) {
+ $extra = ' frameborder="0"';
+ if ($youTubeMatch) {
+ $extra .= ' allowfullscreen';
+ } elseif ($vimeoMatch) {
+ $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
+ }
+ return '';
+ } else {
+ return '';
+ }
+ }
+}
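Review bot: The domain allowlist in postFilterCallback (lines 33–35) leaves every `.` unescaped and is not tied to the `src` attribute itself, so each pattern accepts any character where a dot is intended and matches a `src="…"` fragment wherever it appears inside the attribute string (for example inside another attribute's value); escape the dots and anchor on attribute position, e.g. `preg_match('#(?:^|\s)src="(https:)?//www\.youtube(-nocookie)?\.com/#i', $matches[1])`, and apply the same to the Vimeo and Google Maps checks. The Vimeo pattern additionally admits only `http://`, which forces a mixed-content embed on HTTPS pages; `(https?:)?//player\.vimeo\.com/` would accept the secure form. Extracting the actual `src` value, running it through `parse_url`, and comparing scheme and host against a fixed list would be more robust than regexes over raw attribute text. The hunk as rendered appears to have lost text around angle brackets (lines 7, 20–21, 44 and 46), so the markup the callback emits and the preFilter regex cannot be reviewed from here.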
diff --git a/main/inc/lib/redirect.class.php b/main/inc/lib/redirect.class.php
index 5e1417b45a..7ceb99ca97 100755
--- a/main/inc/lib/redirect.class.php
+++ b/main/inc/lib/redirect.class.php
@@ -53,7 +53,7 @@ class Redirect
return;
}
- $url = isset($_SESSION['request_uri']) ? $_SESSION['request_uri'] : '';
+ $url = isset($_SESSION['request_uri']) ? Security::remove_XSS($_SESSION['request_uri']) : '';
unset($_SESSION['request_uri']);
if (!empty($url)) {
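Review bot: `Security::remove_XSS` on line 58 is an HTML-context sanitizer, which is not the right control for a value that ends up in a `Location:` header — it neither constrains the redirect target to this site nor addresses the header context, so an absolute URL stored in `$_SESSION['request_uri']` would still be followed (an open redirect if that session value can be influenced by a request). Validate the target instead: accept only a relative path, or `parse_url` it and require the host to equal the platform's own host, falling back to `''` otherwise. The enclosing method starts outside the hunk.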
@@ -92,7 +92,9 @@ class Redirect
}
}
global $_configuration;
- if (!isset($_configuration['redirect_admin_to_courses_list']) or $_configuration['redirect_admin_to_courses_list'] === 'false') {
+ if (!isset($_configuration['redirect_admin_to_courses_list']) or
+ $_configuration['redirect_admin_to_courses_list'] === 'false'
+ ) {
// If the user is a platform admin, redirect to the main admin page
if (api_is_multiple_url_enabled()) {
// if multiple URLs are enabled, make sure he's admin of the
@@ -139,7 +141,7 @@ class Redirect
*/
protected static function navigate($url)
{
- $url = Security::remove_XSS($url);
+ //$url = Security::remove_XSS($url);
session_write_close(); //should not be neeeded
header("Location: $url");
exit;
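Review bot: Commenting out the sanitizer on line 77 leaves `navigate()` emitting `header("Location: $url")` with whatever any caller passes, so protection now depends on every call site having done the equivalent of line 58; a sink-side check (relative path or same-host URL, otherwise refuse to redirect) belongs in this method regardless of what callers do. Commented-out code should be deleted rather than kept — `//$url = Security::remove_XSS($url);` conveys nothing the VCS history does not, and a reader may assume the call is still in effect. While here, the `neeeded` typo in the surviving `session_write_close()` comment could be corrected.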