[wp-trac] [WordPress Trac] #43713: Privacy: Add a UI to allow administrators to disable individual embeds / oembeds
WordPress Trac
noreply at wordpress.org
Fri Apr 6 17:38:04 UTC 2018
#43713: Privacy: Add a UI to allow administrators to disable individual embeds /
oembeds
------------------------------+-----------------------------
 Reporter:  allendav          |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Future Release
Component:  Embeds            |     Version:  trunk
 Severity:  normal            |  Resolution:
 Keywords:  gdpr needs-patch  |     Focuses:
------------------------------+-----------------------------
Changes (by azaozz):
* milestone: Awaiting Review => Future Release
Comment:
Enforcing what can be embedded seems like a good idea for sites with
multiple authors and editors. This can be the beginning of a "content
creation policy". However it's not as easy: editors can simply paste the
embed code copied from source sites as they can post `unfiltered_html`. In
addition to the above list of oEmbed providers, content can also be
embedded from any WordPress site.

To do this right we'll need more stringent HTML filtering capabilities,
and start filtering the HTML for admins and editors too (more specifically
`<script>` and `<iframe>`). This is a big change that needs to be weighed
from all possible angles.

For GDPR compatibility purposes it would probably be enough to explain to
the site owners that the privacy policy should cover all possible embeds.
That's the case for existing content too, it won't be enough to just block
embeds from some oEmbed providers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43713#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
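
The comment above notes that blocking oEmbed providers does not cover `<script>` and `<iframe>` markup pasted by users who can post `unfiltered_html`, and that existing content is affected too. The following is an added example, not part of the ticket or of WordPress: an offline audit that lists such embeds in saved post HTML. The allowlist, the function and class names, and the sample post are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull in third-party content without going through oEmbed.
EMBED_TAGS = {"iframe", "script", "embed"}

# Assumed policy: hosts the site's privacy policy already covers (constructed).
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}


class EmbedCollector(HTMLParser):
    """Collect (tag, src) for every embedding tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in EMBED_TAGS:
            # An inline <script> has no src attribute; src is then None.
            self.found.append((tag, dict(attrs).get("src")))


def audit_post(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, host) for embeds in `html` outside the allowed hosts."""
    collector = EmbedCollector()
    collector.feed(html)
    collector.close()
    violations = []
    for tag, src in collector.found:
        if src is None:
            # No host to check against a policy, so report it for review.
            violations.append((tag, "(inline)"))
            continue
        # Handles absolute and scheme-relative (//host/path) URLs.
        host = (urlparse(src).hostname or "").lower()
        # A relative URL has no host and stays on the site itself.
        if host and host not in allowed_hosts:
            violations.append((tag, host))
    return violations


# Constructed post content, as a user with unfiltered_html could save it.
SAMPLE_POST = (
    '<p>Intro</p>'
    '<iframe src="https://www.youtube.com/embed/abc123"></iframe>'
    '<iframe src="//maps.example.net/embed?q=1"></iframe>'
    '<script src="https://widgets.example.org/w.js"></script>'
    '<script>var x = 1;</script>'
)
```

Run over exported post content, the result is the list of third-party hosts a privacy policy would have to cover beyond the oEmbed provider list.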