[wp-meta] [Making WordPress.org] #1769: Disable embeds for plugin readme content

Making WordPress.org noreply at wordpress.org
Tue Jun 14 04:08:59 UTC 2016

#1769: Disable embeds for plugin readme content
 Reporter:  dd32              |      Owner:
     Type:  defect            |     Status:  new
 Priority:  high              |  Milestone:
Component:  Plugin Directory  |   Keywords:
 Currently the WordPress 4.5 oEmbed functionality is enabled for plugin
 content, however for whatever reason, it's not being displayed properly.

 I don't think we should enable non-whitelisted embed sources (media, etc),
 as it doesn't allow us to control what data is shown on a plugin page, and
 may allow a plugin author to serve targeted ads or other information which
 our scanners would not be able to pick up.
 Arguably, we have the same situation today with Youtube embeds, however I
 feel they're a lot harder to abuse.

 For an example of a site that's being pulled in, see the Website section
 at the end of this plugins description: https://wordpress.org/plugins-wp
 /taghound-media-tagger/ you'll find the `<iframe>` in the output, just not
 functional. (Note: This plugin isn't doing anything wrong)

Ticket URL: <https://meta.trac.wordpress.org/ticket/1769>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list