Enable oEmbed Discovery

Description:

WordPress 2.9’s embeds feature is pretty handy, if I may say so myself (I wrote it). However, for security purposes, discovery is disabled. This plugin enables it for users with the unfiltered_html capability (Administrators and Editors by default).

What is oEmbed discovery?

Website owners can add a bit of HTML to their head that says where their oEmbed provider is located. This allows consumers such as WordPress to embed things from their website without WordPress specifically knowing about their website beforehand.

However, this is disabled in WordPress by default to prevent someone (either on purpose or by accident) from embedding content from a malicious website.

So oEmbed discovery is bad?

No, it’s just powerful and has risks. Whatever HTML the remote website provides is used directly. Normally that’s fine, but they could also provide HTML that is bad for you and your visitors. So it’s best if you know what you’re doing, which is why it’s disabled in WordPress by default.

Download:

28 thoughts on “Enable oEmbed Discovery”

  1. Pingback: New Plugin: Enable oEmbed Discovery « Viper007Bond.com

    • No. Only certain HTML is allowed on WordPress.com for security reasons (no one there has the unfiltered_html capability). This would allow users to bypass the restriction if it was enabled there.

  2. Pingback: WordPress Plugin Releases for 12/17 « Weblog Tools Collection

  3. The plugin doesn’t seem to be working unless I have missed something?

    WordPress version 2.9, plugin installed, only one user (admin created on installation of WordPress)

    YouTube URLs are not converted, embed shortcode has no effect.

  4. Deactivating plugin results in blank admin screen and does NOT deactivate plugin. Only way to deactivate is to manually delete from plugin folder.

  5. Ok, plugin works, but cannot be uninstalled without crashing admin screen and even if uninstalled does not deactivate.

    I have manually deleted the plugin from the plugin folder and yet the embed feature still works even though plugin is not present. Which sort of renders the security reasons for not auto enabling this feature in WordPress moot.

  6. OK I am realising where my error lies. It stems from this page: http://codex.wordpress.org/Version_2.9

    which says the following about the embed feature: “Easier Embeds with oEmbed support (see Ticket #10337) (crippled by default, use plugin to enable it) ”

    Which would seem to indicate that the whole embed feature is crippled when in fact it’s just the discovery feature (they really could have explained that better) and this plugin is only needed for discovery. (which, in fairness, is what the plugins page in the repository says about the plugin)

    Anyway, I had the wrong starting assumption, my apologies for any confusion I caused. I was looking for the wrong indicators the plugin worked. Disregard all my previous comments.

  7. Just the addition of one word : Discovery : would be enough

    Easier Embeds with oEmbed support (see Ticket #10337) ( –discovery– crippled by default, use plugin to enable it)

    The lack of that one word threw me. Of course if I had paid closer attention to what YOUR plugin page said I would have caught the error (colour me sheepish)

  8. Pingback: Chase your dream! » oEmbed ? WordPress

  9. Okay, maybe I’m missing something, but what exactly does this do for me? Can I just include a link to a page:

    http://site.com/file

    and it will embed any video from that page? Or is there an embed code I need to use?

    {oembed}http://site.com/file{/oembed}

  10. Pingback: Unter der Motorhaube #6 » F!XMBR

  11. Pingback: test nouvo « vedovini.net

  12. “Website owners can add a bit of HTML to their head that says where their oEmbed provider is located.”

    Yeah, that’s pretty vague. Obviously something needs to be done AFTER installing the plugin, but that’s all the installation instructions say.

    *What* bit of HTML to the head section must we add?

  13. I don’t seem to be able to use this. I’m on a WordPress blog, with plugin enabled. I’m creating a page – I paste the URL of an enabled page ‘http://www.videojug.com/film/how-to-use-visual-voicemail’ and it doesn’t convert this to an oEmbed page. Where am I going wrong?

    • That site incorrectly implements the oEmbed discovery protocol as it’s using relative URLs rather than absolute (full) URLs. WordPress only supports full URLs.

      <link id="oembed_json"  rel="alternate" type="application/json+oembed" href="/oembed?url=how-to-use-visual-voicemail&format=json" title="How To Use Visual Voicemail" />
      <link id="oembed_xml" rel="alternate" type="application/xml+oembed" href="/oembed?url=how-to-use-visual-voicemail&format=xml" title="How To Use Visual Voicemail" />
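
The discovery step described in the post, together with the absolute-URL requirement from the reply above, as an added example (not the plugin's or WordPress's own code): it reads the `<link>` tags from a page, refuses relative endpoints, and optionally restricts endpoints to a list of trusted hosts. The `trusted_hosts` parameter, the set of accepted link types and the `media.example` sample are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link types treated as oEmbed discovery links (this example's choice).
OEMBED_TYPES = {"application/json+oembed": "json", "text/xml+oembed": "xml",
                "application/xml+oembed": "xml"}  # last form appears in the reply above


class _DiscoveryLinks(HTMLParser):
    """Collect <link rel="alternate"> tags whose type marks an oEmbed endpoint."""

    def __init__(self):
        super().__init__()
        self.found = []  # (format, href) in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        fmt = OEMBED_TYPES.get(a.get("type", "").strip().lower())
        if tag == "link" and fmt and "alternate" in a.get("rel", "").lower().split():
            self.found.append((fmt, a.get("href", "").strip()))


def discover(html, trusted_hosts=None):
    """Return (accepted, rejected) oEmbed endpoints found in an HTML document."""
    parser = _DiscoveryLinks()
    parser.feed(html)
    accepted, rejected = [], []
    for fmt, href in parser.found:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            # Relative or non-web hrefs are refused rather than resolved.
            rejected.append((href, "not an absolute http(s) URL"))
        elif trusted_hosts is not None and parts.hostname not in trusted_hosts:
            # Hypothetical allowlist: the provider's HTML would be used as-is.
            rejected.append((href, "host not in trusted list"))
        else:
            accepted.append((fmt, href))
    return accepted, rejected


# Constructed sample: one relative link (the failure in the reply above), one absolute.
SAMPLE = """<html><head>
<link rel="alternate" type="application/json+oembed" href="/oembed?url=how-to-use-visual-voicemail&format=json" />
<link rel="alternate" type="text/xml+oembed" href="https://media.example/oembed?url=clip&format=xml" />
</head><body></body></html>"""

if __name__ == "__main__":
    print(discover(SAMPLE, trusted_hosts={"media.example"}))
```

Passing `trusted_hosts=None` skips the host check and applies only the absolute-URL rule.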
