WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#44434 closed defect (bug) (worksforme)

oEmbed start pulling in iframes from any websites

Reported by: drivdigital Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Embeds Keywords: close
Focuses: Cc:

Description

I have a page of URLs on wordpress based websites.

https://fjellrevenshop.no
http:/drivdigital.no

These are now showing an iframe of the site, overlapping the content. These are not websites on a list of the oEmbed providers form the codex, these are just regular websites.

Why are sites being pulled into the content and embedded? Why is there no ability to disable Links?

This feature makes sense when it was just youtube or twitter, but all link now pull in anything seems very strange.

I've got a privacy policy page that is now flooded with oembeds

Change History (9)

#1 @swissspidy
3 years ago

  • Component changed from General to Embeds
  • Keywords reporter-feedback close added

Which sites are being embedded and where does that happen? Can you please share the exact URL of a site where this happens? Or at least a screenshot?

These are not websites on a list of the oEmbed providers form the codex, these are just regular websites.

Since version 4.4, WordPress has oEmbed discovery activated by default. WordPress itself is an oEmbed provider, too. This means you can easily embed posts from other WordPress sites in your blog.

To disable this behaviour, you can install a plugin like Disable Embeds. You'll still be able to embed YouTube videos and the like, but not other WordPress sites. Also, other WordPress sites won't be able to embed your site.

I've got a privacy policy page that is now flooded with oembeds

I don't see anything on https://www.fjellrevenshop.no/personvernerklaering-fjellrevenshop-no/

#2 @drivdigital
3 years ago

To circumvent the oEmbeds, i've just had to go through this page & change the markup to not include any https:// in the visible text.

Here is an example not on a client site for testing: https://drivdigital.no/cookies/

#3 @drivdigital
3 years ago

  • Keywords reporter-feedback removed
  • Version set to 4.9.6

#4 follow-up: @TZ Media
3 years ago

Hi @drivdigital

I suggest that you don't simply paste the link into the plain text, but instead set it as a link via the editor. This way, there's no embed created, and the reader can click on the link to open the linked site directly, without having to copy the URL into a new browser window or so.

#5 in reply to: ↑ 4 ; follow-up: @drivdigital
3 years ago

  • Keywords 2nd-opinion added

You can write the url in the visual tab and have the oEmbed kick in with no way to remove it. Only if you decide you're creating a link and click the link button can you get around it.

Also, this shouldn't be happing by default – it should be detecting it has oEmbed and asking 'should this link show a preview', not just overwriting and embedding.

I feel like it's perhaps a feature that is needs a setting in the MEDIA to control this. I don't believe it should be enabled by default with a plugin to disable it.

— 

Replying to TZ Media:

Hi @drivdigital

I suggest that you don't simply paste the link into the plain text, but instead set it as a link via the editor. This way, there's no embed created, and the reader can click on the link to open the linked site directly, without having to copy the URL into a new browser window or so.

#6 in reply to: ↑ 5 @azaozz
3 years ago

  • Keywords 2nd-opinion removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Replying to drivdigital:

Also, this shouldn't be happing by default – it should be detecting it has oEmbed and asking 'should this link show a preview', not just overwriting and embedding.

You mean it should show a popup every time a user tries to embed something? How annoying would that be? :)

This shortcut has been around for a while (~5 years perhaps). If you paste embeddable URL at the beginning of a new line, the editor will try to embed it and show a preview. This is by far the most common user case.

If you want to add a link, do it the "proper way". Instead of pasting the URL, open the link modal (click on the link button, then on the cogwheel for the advanced options), then paste the URL in both "URL" and "Link Text" fields and click "Add Link".

Closing as worksforme, feel free to reopen with specific user case(s) we may be missing in the "insert a link" behaviour.

#7 follow-up: @drivdigital
3 years ago

A popup in the same sense of the bold / italic style when you highlight something — not as annoying as presuming a link should return a screenshot and have styles imposed on it without confirming i imagine.

As for the "proper way", I'm an experienced developer, it's different from me to the content editors that working on the websites, or for smaller businesses etc.

Is it worth suggesting a way for disabling oEmbeds without a plugin?

#8 @TZ Media
3 years ago

That would be a duplicate of #43713, then.

#9 in reply to: ↑ 7 @azaozz
3 years ago

Replying to drivdigital:

Is it worth suggesting a way for disabling oEmbeds without a plugin?

It's not that simple :) We can add another setting (somewhere) to disable support for oEmbeds, but it would be somewhat misleading. Admins and Editors can paste "unfiltered HTML", so they will still be able to paste any embedded code in any post or text widget. Then again, adding yet another setting to disable functionality that has been in WP for many years is probably best left for a plugin.

Note: See TracTickets for help on using tickets.