[wp-trac] [WordPress Trac] #32522: oEmbed WordPress Posts in WordPress Posts
WordPress Trac
noreply at wordpress.org
Fri Jul 17 07:56:12 UTC 2015
#32522: oEmbed WordPress Posts in WordPress Posts
-------------------------+------------------------------
Reporter: melchoyce | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: normal | Resolution:
Keywords: | Focuses: administration
-------------------------+------------------------------
Comment (by markhowellsmead):
The arguments and security concerns are all very valid and certainly need
to be considered as part of this onward development. Opening up oEmbed to
include third-party WordPress sites is more of a risk than, say, embedding
Flickr images or YouTube videos, as one can never tell what a random
website author will do with his or her site.
My argument against using iFrames, whilst still valid, is perhaps less
important than avoiding the possible security issues which have been
raised here. An iframe is used by Twitter and probably by other services
too, so it's not a completely unusable or awkward solution.
Allowing a third-party content provider to allow or disallow embeds of
their content is a valid and correct solution to the concerns raised by
those who fear too much traffic, or by those who are concerned about
issues like AdWords. I would recommend that the whitelisting issue is
covered by requiring the third-party provider to manually allow content to
be embedded. In much the same way that, when a new site is set up, the
option to allow search engine indexing is prominently visible.
As to what the endpoint delivers to embed requests, I would suggest that
the logic of what is usually provided via an RSS feed be considered: that
by default, an oEmbed request delivers (for example) the post/page title,
excerpt, date and link. One can hook the RSS feed to also include the post
thumbnail (e.g. http://permanenttourist.ch/feed) and this could work in
the same way.
This solution dovetails with the mockups posted by @melchoyce and would
closely match the oEmbeds currently coming from Twitter.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32522#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list