- Pasting an HTML embed code (e.g. from Vimeo or YouTube) instead of a URL no longer breaks the entry edit page (fixes #181). Thanks @tomfischerNL
- HTML embed codes are now rejected in
normalizeValue()andOembedService::embed()— including any bad data already stored in the database — so they are never saved or rendered - The CP field input value is now properly HTML-escaped, preventing HTML injection from malformed stored values
- A clear validation error ("Please enter a URL, not an HTML embed code.") is now surfaced inline in the Control Panel when an embed code is submitted
- Unit tests for HTML embed code rejection in
OembedFieldTestandOembedServiceTest
- URLs without scheme (e.g.,
youtube.com/watch?v=xxx) are now automatically normalized withhttps://instead of being silently cleared on save (fixes #177) - Fixed inconsistent return type in
normalizeValue()when input was already anOembedModel- now consistently returnsOembedModelinstead of a string
- Unit tests for URL normalization in
OembedFieldTest
- Broken URL notifications now include the invalid URL (fixes #170)
- GraphQL TypeError when querying entries with empty oEmbed URLs (fixes #156)
- Cookie file accumulation via automatic cleanup (fixes #152)
- Docker-based test environment with PostgreSQL
- Codeception + Craft CMS testing integration
- Unit + functional tests across services, models, jobs, and providers
- CI pipeline for automated testing and coverage reporting
- Defensive validation with XSS protection in notifications
- URL normalization at entry points to prevent null/empty URL issues
- Configurable cookie cleanup with console command and throttling
- Fixed broken URL email notifications not including the invalid URL in the message. Resolves #170
- Fixed GraphQL error when querying entries with empty oEmbed URLs. Resolves #156
- Fixed cookie file accumulation issue where embed-cookie files were not being cleaned up. Resolves #152
- Added comprehensive validation to prevent empty or null URLs from causing notification issues
- Enhanced email template with better formatting and XSS protection
- Added debug logging for broken URL notification system to aid troubleshooting
- Fixed TypeError in generateCacheKey() when processing null URLs from GraphQL queries
- Implemented automatic cookie cleanup system with configurable cleanup intervals and file age limits
- Added unit tests for broken URL notification system
- Added validation layers across the notification flow (service → event → job)
- Added comprehensive unit tests for OembedModel null URL handling
- Added URL normalization at entry points (model constructor and service method)
- Added cookie cleanup console command (
php craft oembed/cookie/cleanup) - Added cookie cleanup settings:
enableCookieCleanup,cookieMaxAge, andcookiesPath - Added automatic cookie cleanup on plugin initialization with throttling to prevent performance impact
- Added comprehensive unit tests for cookie cleanup functionality
- Fixed DOM parsing errors by properly escaping unencoded ampersands before parsing HTML. Thanks @mofman
- Fixed issue from #178 craft\web\View::renderJsFile() in "oembed/settings"
- Added improved GDRP support for Cookiebot. Thanks @MangoMarcus
- Allow oEmbed code that includes an iframe to render all of it's HTML instead of just the iframe
- Passing the option & cache variables to the anonymous function for parsing tags. Thanks @JeroenJRP
- New parser to output embeds added in CKEditor using it's Media embed feature. Thanks @JeroenJRP
- Removed Assets from console. Relates to #158. Thanks @jeffreyzant
- Added support for adapter extractor support to allow custom site handling
- Refactor EmbedAdapter to handle extractor object to support better fallback for some websites
- Resolves error when querying an entry with a empty oEmbed URL. Thanks to @jaapfaes for PR #157
- Resolved GraphQL issues. Special thanks to @davidwebca
- Resolve YT loop issues. Reported by @holiday-jan in issue #146. Thanks @holiday-jan
- Fixed issue with src attribute not being set on iframe. Reported by @holiday-jan in issue #146. Thanks @holiday-jan
- Rework preview handling
- Updated README docs
- Fallback .code for certain providers, this completely blocked GraphQL users. Reported by @yoannisj in issue #129. Thanks @yoannisj
- Modified handling of empty embedded media codes
- Adds version to cache key to prevent cache key collisions.
- Add GDPR compliance with CookieBot settings and functionality. Reported by @joepagan in issue #131. Thanks @joepagan and @iparr for discussion and logging.
- Add data mapping and fallback for image properties. Reported by @maxfenton in issue #143 and @helleholmsen in issue #145. Thanks @maxfenton and @helleholmsen
- Handle all exceptions in OembedService to prevent edge case errors. Reported by @holiday-jan in issue #141. Thanks @holiday-jan
- Update embed/embed to v4 to allow for support with newer plugins.
- Added fix for issue #138, caused by static return type on the JobInterface. Thanks @laurabennett
- Added @sgtpenguin 's PR to avoid GraphQL bug by defaulting the height and width to NULL for the fallback adapter. Thanks @sgtpenguin
- Added default caching keys to resolve missing field data while cached
- Fix Craft 4 type compatibility. THANKS @raymondelooff
- Fix a side effect of #101 fix where the preview and embed will fallback to the default Craft site if no or invalid URL is provided (@juban)
- Converting DOMDocument to JSON and back to StdClass due to error "Serialization of 'DOMDocument' is not allowed" with caching in PHP 8.
- Fixed
requiredoption not applying
- Added
ext-domrequirement
- Fix for issue #101 for the v2 version track for Craft v4. Thanks again @juban
- Updated plugin to support Craft v4
- Removed requirement for Craft v3 and requiremnt is now PHP to >=8.0.2
- Fix for issue #101, where the plugin is unable to set a webpage as a valid source URL. Thanks @juban
- Add referrer to Embed for videos with privacy restrictions.
- Changes to the handle of FallbackAdapter with no URL.
- Preview changes
- Fix issue with blank URLs where fallback adapter sets URL to '/'. This also fixes #88 issue.
- Added fallback adapter for invalid URLs and PHP 8 issues, thanks @gglnx. This also fixes #81, #76 issues.
- Fixes issue with caching key, thanks @mijewe.
- Fixes to 'class@anonymous' handling, this should help resolve issues #81, #50, #10.
- Updated CHANGELOG dates.
- Fixes issue with
paramsoption not applying if query / GET params not yet set, this resolves issues #53.
- Fixes issue with code changes due to PHP namespacing.
- Updates to caching key to support embed options, this resolves issues #73.
- Updates to OembedModel / GraphQL bugfixes, this resolves issues #74 and PR #75. Thank you to @joshuabaker, @denisyilmaz and anyone else I missed.
- Clean up bugfixes changes
- Added new render option called
attributesto allow custom attributes to bet added to iframe element, this resolves issue (#51).
- Add settings-input for Facebook/Instagram access token. Thanks Floris aka @FlorisDerks
- Fix to normalizeValue function on GraphQL field's
__get()magic method. Thanks @joshuabaker
- Fix to GraphQL bug caused by PHP NULL coalescing operator from issue (#46).
- Fixed GraphQL bug
Internal Server Error: GraphQL fails to get oembed fields(#46).
- (NEW FEATURE) Added GDPR setting to transform URL's for Youtube and Vimeo to their GDPR versions. This happen's without needing to change existing URL's.
- (NEW FEATURE) Added setting to hide preview iframe in the new a collapsable UI component.
- (NEW FEATURE) Added notification by email for broken URLs which can be set up in plugin settings. This feature is still under development and new feature's like Slack, Microsoft Team notification channels will be added including support to update the notify message copy.
- Preview iframe is now rendered into a collapsable component to save space.
- Add
overflow:hiddento iframe to prevent overflow (#37).
- Allow users to set width and height on the iframe (#35).
- Removed package dependacy to get PHP 7.0-compatible (#33)
- Fixed "Upgrading to 1.2.0+ disables admin UI (#32)" bug caused by LibXML rendering self closing
iframe.
- Updated README with usage of new feature.
- (NEW FEATURE) Add new
paramsoption to allow you to set missing URL query params that are supported by the providers oembed protocol. (#24 & #30)
- Re-add
relfeature missing due to merge conflict. (#24)
- Fixed "Undefined index: autoplay" warnings. (#26)
- Support Youtube and Vimeo
autoplay,loopandautopauseembed feature via DOM manipulation. (#14)
- Array to string conversion bug due to lack of a recursive function. (#17)
- Support custom control panel (
cpTrigger) configurations.
- Caching is now a field you enable in new settings area.
- Updated to prevent <script/> rendering outsite
/admin/entries, with support ifadminisn't the CP URL trigger.
- Updated to allow better support for sites which don't quite meet the oEmbed format requirements.
- Added
validmethod to handle errors gracefully (Thanks @iparr). - Added data caching for parsed URLs to help increase page response time.
- Updated docs.
- Version bump.
- Fix bug in field type rendering.
{note} The plugin’s dependence has changed from
essence/essencetoembed/embed. After updating to oEmbed 1.1.0 or later, make sure you reference to the README and test your site for possible missing/ renamed twig object keys.
- Updated composer package
essence/essencetoembed/embedto handle more edge case URLs.
- Fix bug where field is in Matrix field and the AJAX event action isn't bound / fired until after entry initial saved
- Allowing support for CraftCMS v3.1
- Prevent JS asset rendering on frontend
- Revert javascript to use jQuery
- Refactored javascript to use native JS over jQuery
- Changed preview controller action access to prevent anonymous access
- Refactored the preview action to use a template with wrapper to allow for future styling and updates
- Initial release and migration from previous project