[wp-meta] [Making WordPress.org] #1769: Disable embeds for plugin readme content
Making WordPress.org
noreply at wordpress.org
Tue Jun 14 04:08:59 UTC 2016
#1769: Disable embeds for plugin readme content
------------------------------+-----------------
 Reporter:  dd32              |      Owner:
     Type:  defect            |     Status:  new
 Priority:  high              |  Milestone:
Component:  Plugin Directory  |   Keywords:
------------------------------+-----------------
Currently the WordPress 4.5 oEmbed functionality is enabled for plugin
content; however, for whatever reason, it's not being displayed properly.

I don't think we should enable non-whitelisted embed sources (media, etc),
as it doesn't allow us to control what data is shown on a plugin page, and
may allow a plugin author to serve targeted ads or other information which
our scanners would not be able to pick up.

Arguably, we have the same situation today with YouTube embeds; however, I
feel they're a lot harder to abuse.

For an example of a site that's being pulled in, see the Website section
at the end of this plugin's description:
https://wordpress.org/plugins-wp/taghound-media-tagger/
You'll find the `<iframe>` in the output, just not functional.
(Note: This plugin isn't doing anything wrong)
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1769>
Making WordPress.org <https://meta.trac.wordpress.org/>
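
A check in the spirit of the concern raised in this ticket, as an added example that is not part of the original message or of the Plugin Directory code: it lists embedded frames in rendered readme HTML whose source is not on an allow-list. The allow-list contents, the function names and the sample HTML are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for illustration; the ticket itself names only YouTube.
ALLOWED_HOSTS = {"youtube.com", "youtube-nocookie.com"}
# Tags that pull in third-party content, and the attribute holding the URL.
EMBED_ATTRS = {"iframe": "src", "embed": "src", "object": "data"}

def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class EmbedAuditor(HTMLParser):
    """Collects (tag, url, reason) for embeds outside the allow-list."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_ATTRS:
            return
        attrs = dict(attrs)
        if tag == "iframe" and "srcdoc" in attrs:
            self.findings.append((tag, "", "inline srcdoc document"))
        url = (attrs.get(EMBED_ATTRS[tag]) or "").strip()
        if not url:
            return
        parts = urlsplit(url)  # .hostname drops any userinfo and port
        if parts.scheme not in ("", "http", "https"):
            self.findings.append((tag, url, "scheme is not http(s)"))
        elif parts.hostname and not host_allowed(parts.hostname):
            self.findings.append((tag, url, "host not on allow-list"))

def audit_embeds(html):
    """Return findings for every embed in the rendered HTML."""
    auditor = EmbedAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample of rendered readme output (not taken from a real plugin).
SAMPLE = """
<h2>Website</h2>
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe src="//plugin-author-site.example/embed/"></iframe>
<iframe src="https://www.youtube.com.lookalike.example/embed/x"></iframe>
<iframe srcdoc="&lt;p&gt;hi&lt;/p&gt;"></iframe>
<object data="data:text/html,hello"></object>
"""

if __name__ == "__main__":
    for finding in audit_embeds(SAMPLE):
        print(finding)
```

Matching on the parsed hostname rather than on a substring of the URL is what keeps a look-alike such as `www.youtube.com.lookalike.example` from passing as YouTube.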