Youtube oembed with double quotes in title breaks html

[matiyin]

Steps to reproduce:

1. Navigate to Post > Add New.
2. Paste the following link: https://www.youtube.com/watch?v=DLQg3Tw4bDc
3. Click Preview.
4. 🐞 Notice that the iframe produced by the oembed breaks on double quotes in the title, because the title is not escaped. See screenshots.

The bug was already present in previous versions, at least down to 5.8.x.

Normally it's not a 'showstopper' because the browser handles the broken html well, but it's not clean and correct.
I noticed because I'm using the REST API to build a static js site, and the build breaks on the error "invalid html detected". Searched the break and found it was caused by this youtube video embed.

[matiyin]

youtube oembed block breaks html already in gutenberg editor

[matiyin]

example of REST api output with broken html

[peterwilsoncc]

Hi @matiyin and welcome to trac!

This appears to be a YouTube bug in the HTML they provide when embedding a video. YouTube provide ​the HTML in a URL on their site that WordPress then uses.

I've sent some feedback to YouTube via their site but will keep this ticket open until I hear back. If I don't hear back this week, I'll see if I can get in touch via another channel.

Thanks for the report!

[matiyin]

Replying to peterwilsoncc:

Hi @matiyin and welcome to trac!

This appears to be a YouTube bug in the HTML they provide when embedding a video. YouTube provide ​the HTML in a URL on their site that WordPress then uses.

I've sent some feedback to YouTube via their site but will keep this ticket open until I hear back. If I don't hear back this week, I'll see if I can get in touch via another channel.

Thanks for the report!

Ha! Who would have thought... thanks for relaying it to Youtube @peterwilsoncc!