[wp-trac] [WordPress Trac] #32522: oEmbed WordPress Posts in WordPress Posts
WordPress Trac
noreply at wordpress.org
Thu Jul 16 05:28:50 UTC 2015
#32522: oEmbed WordPress Posts in WordPress Posts
-------------------------+------------------------------
Reporter: melchoyce | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: normal | Resolution:
Keywords: | Focuses: administration
-------------------------+------------------------------
Comment (by pento):
Replying to [comment:32 Viper007Bond]:
> iframes aren't a solution either for a number of reasons.
I disagree, I think iframes are absolutely the correct solution. They
easily solve all of the security issues you mentioned.
> What if a post from my tiny little website gets embedded into a popular
website? First off, my server is then being hammered with traffic.
This is exactly the same as what happens if your site hits the front page
of HN or Reddit - we don't provide a core solution for that, either.
> Secondly, I could then abuse that and have my website serve different
content such as advertisements or even disgusting images. The content that
the popular website expected to be displayed is not longer being
displayed. Everything needs to be local.
You can do the same thing with tumblr embeds. I don't think this is an
issue we need to be concerned about.
Replying to [comment:33 WraithKenny]:
> In other words, don't enable the oembed provider by default, and don't
add any sites to the whitelist. Let the admins enable those.
There's no point in doing this if it isn't enabled by default. The same as
we've done for most new core features, there should be no UI to disable
it, either - there'll be plugins that will disable it if you really want
to opt out.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32522#comment:35>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list