Analyze oEmbed cache renders all the embeds

  • If I check “Clear oEmbed cache” and click “Analyze (detail)”, all the embeds are rendered in the browser. This is bad for multiple reasons: first, trying to render 80k embeds slows the entire system down. Second, this is probably a security risk: it may allow stored XSS, where a user can insert an embed that runs in my admin browser context.

  • You must be logged in to reply to this topic.