oEmbed

[universewrld]

Is your feature request related to a problem? Please describe.

I suggest adding this standard to Joomla. This standard is already used by WordPress, Drupal and TYPO3, which allows you to display content from all well-known websites on the Internet.

I want this standard to be in the CMS at the kernel level (or as a plugin that can be enabled). So that any editors, modules and components can use this solution through the built-in API.

Describe the solution you'd like

https://oembed.com/
https://en.wikipedia.org/wiki/OEmbed
https://github.com/iamcal/oembed

Additional context

Libraries

PHP: php-oembed (http://code.google.com/p/php-oembed/)
PHP: Services_oEmbed (http://pear.php.net/package/Services_oEmbed)
PHP: Essence (https://github.com/felixgirault/essence)
PHP: Embera (https://github.com/mpratt/Embera)
Perl: Web-oEmbed (http://search.cpan.org/~miyagawa/Web-oEmbed/)
Ruby: oembed_links (http://github.com/netshade/oembed_links)
Python: pyoembed (http://github.com/rafaelmartins/pyoembed/)
Python: PyEmbed (http://pyembed.github.io)
Python: python-oembed (https://github.com/abarmat/python-oembed)
Django: micawber (https://github.com/coleifer/micawber)
Java: java-oembed (https://github.com/michael-simons/java-oembed)
.Net: oEmbed API Wrapper (http://oembed.codeplex.com/)
JQuery: oEmbed API Wrapper (https://github.com/starfishmod/jquery-oembed-all)
Node.js: oEmbed API Gateway (https://github.com/itteco/iframely)
Elixir: furlex (https://github.com/claytongentry/furlex)
Elixir: elixir-oembed (https://github.com/r8/elixir-oembed)
Any: oEmbed API proxy endpoint for open-source projects (http://oembedapi.com)

The easy embedding feature is mostly powered by oEmbed, a protocol for site A (such as your blog) to ask site B (such as YouTube) for the HTML needed to embed content from site B.

oEmbed was designed to avoid the need to copy and paste HTML from the site hosting the media you wish to embed. It supports videos, images, text, and more.
https://wordpress.org/support/article/embeds/#oembed
https://drupal.org/project/oembed

[brianteeman]

https://oembed.com/#section3

[universewrld]

@brianteeman Maybe then you can make a whitelist by default from all domains that are published on the site https://oembed.com/#section7. I think all sites are safe there.

And also make it possible to select in the plugin as an option:

a) show domains only from the white list
b) do not show from the black list
c) show all domains

And the second - if the administrator wants it, he can choose a provider to display the content, for example, there are two well-known providers - 1) https://embed.ly/ and 2) https://iframely.com/ or 3) he can put any other provider. This setting will be similar to Mozilla when using Cloudflare for DoH.

JomSocial is currently using embed.ly, and Kunena will also soon integrate this provider into his forum.

I believe that this is already a de facto recognized standard for embedded content and we cannot refuse it, because other popular CMS and all social sites have been using it for many years. And for security, each website administrator will be able to choose an option - whether to use this option or not. And also in the plugin to enable this, we can also specify the safety information from paragraph 3.

For security, by default it will be recommended to include only a white list of sites from trusted providers that are listed on the site oembed.com.

[peteruoi]

https://wordpress.org/support/article/embeds/#oembed

What About oEmbed Discovery? #What About oEmbed Discovery?
As of version 4.4, WordPress supports oEmbed discovery, but has severe limitations on what type of content can be embedded via non-whitelisted sites.

Specifically, the HTML and Video content is filtered to only allow links, blockquotes, and iframes, and these are additionally filtered to prevent insertion of malicious content. The HTML is then modified to be sandboxed and to have additional security restrictions placed on them as well.

However, if you feel you are knowledgeable enough to not require this level of safety, you can give unfiltered_html users (Administrators and Editors) the ability to embed from websites that have oEmbed discovery tags in their .

There are ways to preven security issues. Unless you want to file a security issue against wordpress oembeded.

I think it's a very nice feature (maybe for 4.1) but the problem is who is gonna program it...

[universewrld]

@peteruoi Yes, I said about the same. I hope this feature will be included in a future release!
We can by default make a white list of sites - such as Facebook, YouTube, Twitter and others that are officially represented on this site - https://oembed.com/#section7 and also warn that this will threaten the website’s security if the administrator enables this function without a white list.

[brianteeman]

You do realise that there are extensions already available

[universewrld]

@brianteeman This is necessary at the core level of the CMS. Like a plugin with options. Standard component com_content and modules and all website content can use this option to embed content.

Here is a white list of all trusted providers:

7.1. Providers

Providers are available programatically as a json file: http://oembed.com/providers.json.

To add new providers, please fork this repo on GitHub and add/modify providers/*.yml.

Everyone will be able to use content embedding without third-party components. There are many trusted providers. This is much better than any other Joomla component I've seen. Usually, Joomla components have at best 10-15 providers, but there are hundreds of them, and all of them are proven. This is a very necessary option in the CMS.

[peteruoi]

I think copy paste a youtube link or a twitter or something similar should be available to joomla core editor. It 's not rocket science, and i think it's a missing feature from our code editor. The ombeded project seems alive and other major cms players trust it. If you think that other extensions from joomla eco system will die from integrating this ok let it be.
I also understand the don't propose if you don't program mentality. Too many ideas too few programming hands. I also respect it.
However don't tell me that this feature is useful only for the few, or too specific to be in core. It's common standard for today's editors. And joomla wants to be easy for generating content. And no copy paste the code of an iframe code of a youtube video is not user friendly.

Just a humble opinion. I know how much you help the joomla project in so many different ways. But don't shoot down ideas too strongly.

[micker]

I am agree oemebed works like a charm... It Will be à good Adding on editor

[ReLater]

other major cms players trust it

Just to clarify this statement: When I look around only wordpress seems to. Others use 3rd extensions. Or am I weong? When I follow your Drupal link above I read "This project is not covered by Drupal’s security advisory policy.".

It's common standard for today's editors.

Hm, is there a TinyMCE plugin on the market? I couldn't find any.

In Joomla:
All you have to do is to write a editor-xtd plugin and a second plugin, normally a content plugin, that sends the request and places the returned HTML. But you could also use a system plugin.

I think it's a very nice feature (maybe for 4.1) but the problem is who is gonna program it...

That's it. In the end it makes absolutely no difference if it's a 3rd extension or integrated in core. You have to find a volunteer ;-) By the way: I would prefer a 3rd extension.

[brianteeman]

its already available as an extension