diff --git a/classes/security/EmbedFilter.class.php b/classes/security/EmbedFilter.class.php
index 034c8a82b..5ee6df0ae 100644
--- a/classes/security/EmbedFilter.class.php
+++ b/classes/security/EmbedFilter.class.php
@@ -17,7 +17,7 @@ class EmbedFilter
  * @var int
  */
 var $allowscriptaccessKey = 0;
- var $whiteUrlXmlFile = './classes/security/conf/embedWhiteUrl.xml';
+ var $whiteUrlDefaultFile = './classes/security/conf/whitelist.php';
 var $whiteUrlCacheFile = './files/cache/embedfilter/embedWhiteUrl.php';
 var $whiteUrlList = array();
 var $whiteIframeUrlList = array();
@@ -495,7 +495,7 @@ class EmbedFilter
 {
 foreach($this->whiteUrlList AS $key => $value)
 {
- if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
+ if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
 {
 return TRUE;
 }
@@ -514,7 +514,7 @@ class EmbedFilter
 {
 foreach($this->whiteIframeUrlList AS $key => $value)
 {
- if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
+ if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
 {
 return TRUE;
 }
@@ -595,7 +595,7 @@ class EmbedFilter
 */
 function _makeWhiteDomainList($whitelist = NULL)
 {
- $whiteUrlXmlFile = FileHandler::getRealPath($this->whiteUrlXmlFile);
+ $whiteUrlDefaultFile = FileHandler::getRealPath($this->whiteUrlDefaultFile);
 $whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
 $isMake = FALSE;
@@ -603,7 +603,7 @@ class EmbedFilter
 {
 $isMake = TRUE;
 }
- if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
+ if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlDefaultFile))
 {
 $isMake = TRUE;
 }
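Review bot: The new pattern `'@^https?://' . preg_quote($value, '@') . '@i'` in the -495 hunk (and identically in the -514 hunk) is still a bare prefix match, so any whitelist entry that does not end in `/` or a full file name also accepts every URL whose host merely begins with the same characters. The bundled whitelist.php entries all carry that boundary, but entries coming from `$whitelist->object` / `$whitelist->iframe` (-625 hunk) and from `$db_info->embed_white_object` / `embed_white_iframe` (-676 hunk) are only stripped of their scheme, never checked for it. The cheapest fix is at normalisation time in those two hunks, e.g. `if(strpos($prefix, '/') === FALSE) $prefix .= '/';` before the entry is appended; alternatively the matcher here could require `/` or end-of-string after the entry. Both enclosing functions start outside their hunks, so I cannot see how `$urlAttribute` is obtained or whether it is trimmed first.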
@@ -625,50 +625,25 @@ class EmbedFilter
 if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
 {
- $whiteUrlList = $whitelist->object;
- $whiteIframeUrlList = $whitelist->iframe;
+ foreach ($whitelist->object as $prefix)
+ {
+ $whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
+ }
+ foreach ($whitelist->iframe as $prefix)
+ {
+ $whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
+ }
 }
 else
 {
- $xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
-
- $xmlParser = new XmlParser();
- $domainListObj = $xmlParser->parse($xmlBuff);
- $embedDomainList = $domainListObj->whiteurl->embed->domain;
- $iframeDomainList = $domainListObj->whiteurl->iframe->domain;
- if(!is_array($embedDomainList)) $embedDomainList = array();
- if(!is_array($iframeDomainList)) $iframeDomainList = array();
-
- foreach($embedDomainList AS $key => $value)
+ $safeurls = (include $whiteUrlDefaultFile);
+ foreach ($safeurls['object'] as $prefix)
 {
- $patternList = $value->pattern;
- if(is_array($patternList))
- {
- foreach($patternList AS $key => $value)
- {
- $whiteUrlList[] = $value->body;
- }
- }
- else
- {
- $whiteUrlList[] = $patternList->body;
- }
+ $whiteUrlList[] = $prefix;
 }
-
- foreach($iframeDomainList AS $key => $value)
+ foreach ($safeurls['iframe'] as $prefix)
 {
- $patternList = $value->pattern;
- if(is_array($patternList))
- {
- foreach($patternList AS $key => $value)
- {
- $whiteIframeUrlList[] = $value->body;
- }
- }
- else
- {
- $whiteIframeUrlList[] = $patternList->body;
- }
+ $whiteIframeUrlList[] = $prefix;
 }
 }
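Review bot: `$safeurls = (include $whiteUrlDefaultFile);` is consumed without checking what came back: if the file is missing, unreadable, or does not `return` an array, `include` yields `FALSE`, `$safeurls['object']` and `$safeurls['iframe']` are null, and the two `foreach` loops only emit warnings and leave both lists empty. That fails closed (nothing is whitelisted), but it silently turns off every embed instead of surfacing the broken configuration; a guard such as `if(!is_array($safeurls) || !isset($safeurls['object'], $safeurls['iframe'])) $safeurls = array('object' => array(), 'iframe' => array());` plus a log line would at least make the condition explicit. Separately, the scheme-stripping expression `preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix` is now copied four times (twice here, twice in the -676 hunk); a small private helper such as `_normalizeWhitePrefix($prefix)` would keep the normalisation rule in one place. `_makeWhiteDomainList` begins and ends outside this hunk.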
@@ -676,18 +651,24 @@ class EmbedFilter if($db_info->embed_white_object) { - $whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object); + foreach ($db_info->embed_white_object as $prefix) + { + $whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; + } } if($db_info->embed_white_iframe) { - $whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe); + foreach ($db_info->embed_white_iframe as $prefix) + { + $whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; + } } $whiteUrlList = array_unique($whiteUrlList); $whiteIframeUrlList = array_unique($whiteIframeUrlList); - asort($whiteUrlList); - asort($whiteIframeUrlList); + natcasesort($whiteUrlList); + natcasesort($whiteIframeUrlList); $buff = array(); $buff[] = ' - - - - http://serviceapi.nmv.naver.com/ - http://scrap.ad.naver.com/ - http://event.dn.naver.com/sbsplayer/vmplayer.xap - - - http://musicplayer.naver.com/naverPlayer/posting/ - http://player.music.naver.com/naverPlayer/posting/ - - - http://flvs.daum.net/flvPlayer.swf - http://api.v.daum.net/ - http://tvpot.daum.net/playlist/playlist.swf - http://videofarm.daum.net/ - - - http://www.youtube.com/ - https://www.youtube.com/ - http://www.youtube-nocookie.com/ - https://www.youtube-nocookie.com/ - - - http://play.mgoon.com/ - http://doc.mgoon.com/player/ - - - http://flvr.pandora.tv/flv2pan/ - http://imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf - http://imgcdn.pandora.tv/gplayer/flJal.swf - - - http://play.tagstory.com/player/ - http://www.tagstory.com/player/basic/ - - - http://dbi.video.cyworld.com/v.sk/ - - - http://v.egloos.com/v.sk/ - - - http://v.nate.com/v.sk/ - http://w.blogdoc.nate.com/ - http://blogdoc.nate.com/flash/blogdoc_widget_reco.swf - - - http://www.kbs.co.kr/zzim/vmplayer/vmplayer.xap - http://vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap - - - http://netv.sbs.co.kr/sbox/ - http://news.sbs.co.kr/ - 
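Review bot: `if($db_info->embed_white_object)` followed directly by `foreach ($db_info->embed_white_object as $prefix)` assumes the config value is an array; the replaced `array_merge` would have failed loudly on anything else, whereas `foreach` over a string or scalar now only emits a warning and silently adds nothing. If the DB/config layer can hand back a non-array here (I cannot tell from the hunk), the condition should be `if(is_array($db_info->embed_white_object))`, and likewise for `embed_white_iframe`. The switch from `asort` to `natcasesort` is fine for the same-key-preserving behaviour, but note that `$whiteUrlList` keeps the sparse keys left by `array_unique`; whether the `$buff` writer that follows this hunk tolerates that is outside my view.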
http://wizard2.sbs.co.kr/ - http://sbsplayer.sbs.co.kr/ - - - http://onemore.imbc.com/ClientBin/oneplus.xap - - - http://static.campaign.naver.com/ - - - - diff --git a/classes/security/conf/whitelist.php b/classes/security/conf/whitelist.php new file mode 100644 index 000000000..bf219afad --- /dev/null +++ b/classes/security/conf/whitelist.php @@ -0,0 +1,65 @@ + array( + // YouTube + 'www.youtube.com/', + 'www.youtube-nocookie.com/', + // Daum + 'flvs.daum.net/flvPlayer.swf', + 'api.v.daum.net/', + 'tvpot.daum.net/playlist/playlist.swf', + 'videofarm.daum.net/', + // Naver + 'serviceapi.nmv.naver.com/', + 'scrap.ad.naver.com/', + 'event.dn.naver.com/sbsplayer/vmplayer.xap', + 'static.campaign.naver.com/', + 'musicplayer.naver.com/naverPlayer/posting/', + 'player.music.naver.com/naverPlayer/posting/', + // Mgoon + 'play.mgoon.com/', + 'doc.mgoon.com/player/', + // Pandora TV + 'flvr.pandora.tv/flv2pan/', + 'imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf', + 'imgcdn.pandora.tv/gplayer/flJal.swf', + // Tagstory + 'play.tagstory.com/player/', + 'www.tagstory.com/player/basic/', + // Cyworld + 'dbi.video.cyworld.com/v.sk/', + // Egloos + 'v.egloos.com/v.sk/', + // Nate + 'v.nate.com/v.sk/', + 'w.blogdoc.nate.com/', + 'blogdoc.nate.com/flash/blogdoc_widget_reco.swf', + // KBS + 'www.kbs.co.kr/zzim/vmplayer/vmplayer.xap', + 'vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap', + // MBC + 'onemore.imbc.com/ClientBin/oneplus.xap', + // SBS + 'netv.sbs.co.kr/sbox/', + 'news.sbs.co.kr/', + 'wizard2.sbs.co.kr/', + 'sbsplayer.sbs.co.kr/', + ), + 'iframe' => array( + // YouTube + 'www.youtube.com/', + 'www.youtube-nocookie.com/', + // Google Maps + 'maps.google.com/', + 'maps.google.co.kr/', + // Daum TV Pot + 'flvs.daum.net/', + // NAVER TVCAST + 'serviceapi.rmcnmv.naver.com/', + // SBS + 'sbsplayer.sbs.co.kr/', + // Vimeo + 'player.vimeo.com/', + ), +);
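Review bot: whitelist.php carries no header comment describing the entry format, yet the matcher in EmbedFilter depends on it: each string is a scheme-less prefix that is compared against `^https?://` + entry, so an entry must end with `/` (or a complete file name such as `flvPlayer.swf`) or it will also match any longer host name. Suggest a comment above the `return`: `// Scheme-less URL prefixes. EmbedFilter prefix-matches them against both http:// and https:// URLs, so every entry must end in '/' or a full file path.` It is also worth stating in that comment that, unlike the removed XML list which had separate `http://` and `https://` entries per host, every host here is now accepted over plain http as well as https.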