[NSFW] Why is it WordPress Automatically Embeds the NSFW Site RedGifs URLs?

  • I’ve been trying to remove all possible sites from being embedded in WordPress when the url is posted.

    For some reason, I can’t do a global removal of all embeds by using plugins like Disable Embeds or calling on wp_dequeue_script function or any of the other options out there for removing embeds globally.

    Although singling out websites like this appears to work:

    function remove_oembed_provider() {

	wp_oembed_remove_provider( '#https?://((m|www)\.)?youtube\.com/watch.*#i', true );
}
add_action( 'init', 'remove_oembed_provider' );

    When doing testing, I noticed the NSFW site Redgifs automatically embeds itself in an iframe when the video/gifs url is posted.

    The aforementioned code doesn’t work for them, probably because Redgifs doesn’t appear to be an OEmbed provider.

    I was under the impression WordPress will only automatically embed urls when they are from the approved whitelist: https://www.ads-software.com/support/article/embeds/#okay-so-what-sites-can-i-embed-from

    Redgifs is not approved, yet still embeds. Does anyone know why? And how I can remove their links from being embedded/iframed?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi, @homelesshenry:

    That’s correct: the wp_oembed_remove_provider function can only remove “sanctioned” or manually added providers. It doesn’t allow you to “block” providers not already registered in the sanctioned list. By default, WordPress will attempt to auto-discover the oEmbed endpoint of any URL not matching those in the list.

    To prevent oEmbed across the site, have a look at the filter pre_oembed_result. This allows you to override oEmbed results prior to making external calls (i.e. before attempting discovery).

    For instance, you could hook that and force it to return false, so that only the original URL is returned for frontend display. Something like:

    add_filter( 'pre_oembed_result', 'my_pre_oembed_result', 10, 3);
function my_pre_oembed_result( $result, $url, $args ) {
   $result = false;
   return $result;
}

    Unfortunately, this doesn’t prevent the block editor from loading previews of oEmbed URLs, so additional overrides would be needed to prevent their display on the backend.

    If you discover a solution or plugin that handles both sides of the equation, please post it here to share with the rest of our community!

    Good luck!

    Thread Starter homelesshenry

    (@homelesshenry)

    @ironprogrammer

    Hey, thanks a lot! That actually solved the issue for me.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[NSFW] Why is it WordPress Automatically Embeds the NSFW Site RedGifs URLs?’ is closed to new replies.