[wp-trac] [WordPress Trac] #32522: oEmbed WordPress Posts in WordPress Posts

WordPress Trac noreply at wordpress.org
Mon Jul 13 03:32:00 UTC 2015 

#32522: oEmbed WordPress Posts in WordPress Posts
-------------------------+------------------------------
 Reporter:  melchoyce    |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Embeds       |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  administration
-------------------------+------------------------------

Comment (by pento):

 Replying to [comment:21 melchoyce]:
 > It wouldn't handle edge-cases well — if someone has a super wide post
 area, the featured image could get ''really'' big.

 Good point. Even if we tried to limit the height of the image (assuming we
 could magically make an image cropper that isn't terrible), I suspect it'd
 still look weird stretched to super wide.

 > (At a nice post width it ''does'' look pretty good, though)

 Perhaps we could do `width: 100%; max-width: something-sane`?

 > I'm not sure I have an opinion on this, since I can see the argument for
 either. Is there a best practice?

 Here's a quick rundown of what some folks do:

 Instagram: iframe
 Meetup: Embedded content and CSS, no JS
 Soundcloud: iframe
 Tumblr: Empty placeholder div, post loaded by JS
 Twitter: Placeholder blockquote with content, JS to load styling
 YouTube: iframe
 Vimeo: iframe
 Vine: iframe and JS

 Facebook and G+ don't support oEmbed, but both of their standard embed
 code is an empty placeholder, with JS to load the post.

 For security, we wouldn't allow JS or CSS from the remote site to be
 embedded in the page - it can too easily be used as an attack vector.

 Unless there's a particularly good reason for the host site to be able to
 apply their own styling, I'm leaning towards the iframe method. We can
 provide a nice default style for embeds, then a source can customise any
 bits that they want to. The host will still maintain control of embed
 size, so a malicious source can't take over the page. The source doesn't
 get as many customisation options, but that's not really the point of
 oEmbeds.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32522#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list