Onebox shown as iframe raw html

I’m having trouble with the oneboxing of this url:

It is rendered correctly in the preview but once the post is saved, the raw html of the iframe is shown instead of the onebox.

In case it matters: I am editing another users post who has posted the url as an ordinary link.

Update: it obviously didn’t matter, since the same is happening in this post.


That is super strange. I will look into it.


It looks like the standard way of oneboxing a movie is now with a type of and we didn’t support a period in that field. I’ve fixed it in this commit:

Unfortunately after applying the fix, while the iframe is not raw HTML it still does not display. It looks like the video URL is not one that can be shown in a video tag. It seems to be a HTML URL for showing a video using Javascript and not an actual video.


I have not tried the fix yet because it hasn’t passed all tests yet, but I understand that the onebox will now render like it previously did in the preview, i.e. like a non-video onebox?

What I don’t understand is why it rendered fine in the preview but not the final result.

With the number of onbox issues reported over the past weeks, my impression is that oneboxing is a rather fragile feature in discourse and although I’m not sure if anything can be done about this, it would be nice if this kind of raw html result could somehow be made impossible, i.e. to have some double checking going on that would notice if that happens and revert back to secure grounds.

The preview cannot play a video, so it makes up HTML based on the image and text provided.

The actual content uses the video tag and the URL they provide, which is broken in this case.

Oneboxing is indeed fragile because it depends on content on other people’s sites that is free to change at any time.

1 Like

I understand that, but I was wondering if it could be made more rigid by detecting when “garbage out” is about to occur and instead of actually rendering the garbage revert back to, say, a plain hyperlink.

BTW: the commit seems to have failed the tests…

We can’t possibly account for all the different ways people can mess up their sites. For this, we’d have to crawl the embedded URL and make sure it’s a playable movie URL. That’s a lot of work to handle a site that is broken!

That’s just Travis being temperamental, it was built fine.