Last modified: 2014-02-28 20:36:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T31242, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 29242 - Extension to embed offsite media via oEmbed (video, photos, rich media)
Extension to embed offsite media via oEmbed (video, photos, rich media)
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Extensions requests (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-02 00:20 UTC by Brion Vibber
Modified: 2014-02-28 20:36 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Brion Vibber 2011-06-02 00:20:03 UTC
Was reminded of oEmbed stuff recently; see bug 25854 for adding an oEmbed provider to MediaWiki.

It would also be useful in some situations to embed oEmbed-able resources from foreign sites. Simplest implementation would probably be as a parser function:

  {{#oembed:http://www.flickr.com/photos/brionv/5730494932/in/photostream}}

or to set an embedding size:

  {{#oembed:http://www.flickr.com/photos/brionv/5730494932/in/photostream|400x300px}}

Of course there are difficulties with being a safe oEmbed client:
* embedding foreign HTML without sanitization can be dangerous
* performing sanitzation may remove the interesting bits, like the video player :P

Hosting the embed content on a foreign iframe can work nicely, but this is hard to generalize.

A basic extension should probably do:
* provide a domain whitelist control that can be modified by sysops
* consider allowing photos from any domain? (embedding raw images is safe, but of course is a potential image vandalism vector)
* provide some fairly generic-ish way for a 'serve embed data from alternate domain' setup

This will be easier to do if future oEmbed versions add native iframe URL support to the return data.
Comment 1 Brion Vibber 2011-06-02 00:20:37 UTC
A toolbar button helper might also be nice; drag or paste a URL and let it drop the {{#oembed:}} into your edit window.
Comment 2 Brion Vibber 2011-10-16 19:53:22 UTC
Did a little stubbing at https://www.mediawiki.org/wiki/Extension:OEmbedConsumer -- experimental version on github currently is XSS-unsafe, uses the tag syntax, doesn't support flickr (no discovery), doesn't cache, etc. :)
Comment 3 Brion Vibber 2013-09-28 17:33:05 UTC
Note that there's a proposed successor protocol to oembed: http://iframely.com/oembed2

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links