Onebox blacklist

onebox
blacklist
Tags: #<Tag:0x00007f4787953910> #<Tag:0x00007f4787952a88>

#1

I just added youtube.com and www.youtube.com to the Onebox blacklist.

Onebox is the feature in Discourse that embeds articles into the post if you put a link on a line by itself. Our Discourse already downloads images in the background, to prevent broken images, but mostly to prevent leaking user actions on the web. Better to host a copy here, than for each visitor to phone home, because someone shared a blog link.

YouTube loads a player into the page, in a so-called safe iframe. It requires the browser to download directly from YouTube, so blacklisted.

I don’t link to non-bloggy sites, or news sites which generally run WordPress or whatever, and they just embed as a title, except and maybe features image (which is queued to pull over). But obviously we don’t want to leak to any social media sites.

So please help me generate a list of sites to blacklist. Aside from YouTube, which other domains should we block from embedding scripts into the forums?