Onebox blacklist

I just added and to the Onebox blacklist.

Onebox is the feature in Discourse that embeds articles into the post if you put a link on a line by itself. Our Discourse already downloads images in the background, to prevent broken images, but mostly to prevent leaking user actions on the web. Better to host a copy here, than for each visitor to phone home, because someone shared a blog link.

YouTube loads a player into the page, in a so-called safe iframe. It requires the browser to download directly from YouTube, so blacklisted.

I don’t link to non-bloggy sites, or news sites which generally run WordPress or whatever, and they just embed as a title, except and maybe features image (which is queued to pull over). But obviously we don’t want to leak to any social media sites.

So please help me generate a list of sites to blacklist. Aside from YouTube, which other domains should we block from embedding scripts into the forums?

This is an open call: if a site is abusive or otherwise :ng:, make a new post in #meta explaining. We’ll get on it. :slight_smile: