Document the security concerns inherent to oEmbed and embedded content

Created on 1 June 2011, almost 14 years ago
Updated 26 November 2024, 4 months ago

This is not a security issue.

oEmbed allows us to easily embed content from other sites, but it's so easy that some users may not recognize the inherent risks of allowing unchecked HTML to be embedded on their Drupal site.

The module's current security strategy is whitelisting. Providers are disabled by default (except in the embed.ly module, which probably should change).

For the input filter, the ordering of the filter within the format can affect security. If the filter is the last one in the format, it will output embedded content as is. If the filter precedes the HTML filter, the embedded content will be filtered as if the user added it herself.

Proposal:

  • Explain that whitelisting is a security strategy and not just a preference.
  • The default option for embed.ly providers should be DISABLED, and changing this should be highlighted as a possible risk unless we can indicate that embed.ly does its own filtering of content before passing it to consumers.
  • Support filtering of embedded content for rich and video types outside of the input format context. Support different filter options for these two types. Default should strip out SCRIPT elements.
  • Highlight http://www.oembed.com/#section3 in README. Document the iframe technique described as an advanced method to be very secure with all providers.

We're not suggesting that oEmbed is insecure, but we should be much more cautious about the potential. If someone enables this module, enables all providers, and allows all users to embed content, this might be a risk! If pastebin or tumblr has a vulnerability, an exploit might be transmitted to any site that can embed its content.
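The per-type filtering proposed above, as an added illustration that is not the module's own code (Python rather than Drupal PHP): the html field of rich and video responses is re-serialized with script elements dropped, while photo and link responses, which carry no HTML, pass through untouched. The oEmbed responses are constructed samples, and the filter map is an assumed interface.

```python
import html
import json
from html.parser import HTMLParser


class ScriptStripper(HTMLParser):
    """Re-serializes markup, dropping <script> elements, their bodies and comments."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            return
        if not self._in_script:
            # Attribute values arrive unescaped; re-escape them on output.
            rendered = "".join(f' {k}="{html.escape(v or "", quote=True)}"' for k, v in attrs)
            self.out.append(f"<{tag}{rendered}>")

    def handle_startendtag(self, tag, attrs):
        if tag != "script":
            self.handle_starttag(tag, attrs)  # <br/> is emitted as <br>

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif not self._in_script:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._in_script:
            self.out.append(html.escape(data, quote=False))


def strip_scripts(markup):
    parser = ScriptStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


def sanitize_oembed(response_json, filters=None):
    """Apply a per-type filter to the html field; default strips <script> for rich and video."""
    if filters is None:  # assumed interface: oEmbed type -> callable on the html string
        filters = {"rich": strip_scripts, "video": strip_scripts}
    data = json.loads(response_json)
    if data.get("type") in filters and "html" in data:
        data["html"] = filters[data["type"]](data["html"])
    return data
```

Dropping script elements is only the default the issue asks for, not a complete sanitizer; the iframe technique from the oEmbed specification referenced above isolates the provider's markup instead of filtering it.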

📌 Task
Status

Closed: outdated

Version

0.0

Component

Documentation

Created by


Comments & Activities

  • 🇺🇦 Ukraine AstonVictor

    I'm closing it because the issue was created a long time ago without any further steps.

    If you still need it, then raise a new one.
    Thanks.
