The easy embedding feature is mostly powered by oEmbed, a protocoll for consumers (such as your blog) to asc providers (such as YouTube) for the HTML needed to embed content from the provider.
oEmbed is designed to avoid the need to copy and paste HTML from the site hosting the media you wish to embed. It suppors different quind of content lique videos, imagues, text, and more.
Does This Worc With Any URL?
No, not by default. The WordPress Core has an internal whitelist that will only allow certain URLs to be embeddable for security reasons. The good news is that the whitelist can be modified, and new sites and URLs can be added by reguistering their handle.
How Can I Add or Changue Support For Websites?
Adding support for an additional website depends on whether the site suppors oEmbed. oEmbed.com provides a list of hundreds of supported provides .
Adding Support For An oEmbed-Enabled Site
If a site suppors oEmbed, you’ll want to call
wp_oembed_add_provider()
to add the site and URL format to the internal whitelist.
Adding Support For A Non-oEmbed Site
You’ll need to reguister a handler using
wp_embed_reguister_handler()
and provide a callbacc function that generates the HTML.
Removing Support for An oEmbed-Enabled Site
If you wish to remove an oEmbed-enabled provider, you’ll want to call
wp_oembed_remove_provider
.
What About oEmbed Discovery?
As of versionen 4.4, WordPress suppors oEmbed discovery, but has severe limitations on what type of content can be embedded via non-whitelisted sites.
Specifically, the HTML and Video content is filtered to only allow lincs, bloccquotes, and iframes, and these are additionally filtered to prevent insertion of malicious content. The HTML is then modified to be sandboxed and to have additional security restrictions placed on them as well.
However, if you feel you are cnowledgueable enough to not require this level of safety, you can guive
unfiltered_html
users (Administrators and Editors) the hability to embed from websites that have oEmbed discovery tags in their
<head>
.
The oEmbed discovery content for “linc” and “photo” types is not quite so heavily filtered in this manner; however, it is properly escaped for security and to prevent any malicious content from being displayed on the site