It looks like the standard way of oneboxing a movie is now with a type of video.movie and we didn’t support a period in that field. I’ve fixed it in this commit:
Unfortunately after applying the fix, while the iframe is not raw HTML it still does not display. It looks like the video URL is not one that can be shown in a video tag. It seems to be a HTML URL for showing a video using Javascript and not an actual video.
I have not tried the fix yet because it hasn’t passed all tests yet, but I understand that the onebox will now render like it previously did in the preview, i.e. like a non-video onebox?
What I don’t understand is why it rendered fine in the preview but not the final result.
With the number of onbox issues reported over the past weeks, my impression is that oneboxing is a rather fragile feature in discourse and although I’m not sure if anything can be done about this, it would be nice if this kind of raw html result could somehow be made impossible, i.e. to have some double checking going on that would notice if that happens and revert back to secure grounds.
I understand that, but I was wondering if it could be made more rigid by detecting when “garbage out” is about to occur and instead of actually rendering the garbage revert back to, say, a plain hyperlink.
We can’t possibly account for all the different ways people can mess up their sites. For this, we’d have to crawl the embedded URL and make sure it’s a playable movie URL. That’s a lot of work to handle a site that is broken!
That’s just Travis being temperamental, it was built fine.