oEmbed is an open format designed to simplify the embedding of the contents of one web page into another. Content may include photos, videos, links, or other types of data.
From the point of view of oEmbed, the exchange of information occurs between the provider and the consumer. The consumer wants to show an embedded representation of a third-party resource, such as a photo or video, on their own site. The provider implements an oEmbed API to enable delivery of this content to the consumer.
Security
The oEmbed provider returns the HTML embed code to the consumer page. This opens up the possibility of an XSS attack if an attacker controls a content provider.
For added security, you can serve the provider's HTML code from an intermediate web server on another domain and load it in an iframe, so that it does not run in the origin of the consumer page.
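One way a consumer can apply this, as an added example that is not part of the original page: the provider's `html` field is never written into the consumer's own markup, photos are rebuilt from validated fields, and video or rich content is loaded in an iframe from a separate domain. The domain `embed-sandbox.example`, its `/frame?url=` endpoint and all function names are assumptions made for illustration; the `sandbox` attribute is an extra restriction on top of the separate domain.

```javascript
// Assumed: a separate domain that only serves provider HTML (hypothetical name).
const SANDBOX_ORIGIN = "https://embed-sandbox.example";

// Escape a value for use inside a double-quoted HTML attribute or a text node.
function esc(value) {
  return String(value).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Accept only absolute http(s) URLs; returns the normalized URL or null.
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : null;
  } catch {
    return null;
  }
}

// Clamp provider-supplied dimensions to sane positive integers.
function dim(value, fallback) {
  const n = Number.parseInt(value, 10);
  return Number.isFinite(n) && n > 0 && n <= 2000 ? n : fallback;
}

// Build markup for the consumer page from an oEmbed response.
// The provider's `html` field is never written into the consumer's own DOM.
function renderOembed(resourceUrl, response) {
  const page = safeUrl(resourceUrl);
  if (!page || typeof response !== "object" || response === null) return "";
  const w = dim(response.width, 480);
  const h = dim(response.height, 270);
  const title = esc(response.title || "Embedded content");
  if (response.type === "photo") {
    const src = safeUrl(response.url);
    return src ? `<img src="${esc(src)}" width="${w}" height="${h}" alt="${title}">` : "";
  }
  if (response.type === "video" || response.type === "rich") {
    // The intermediate server fetches the provider's HTML and serves it from its own origin.
    const src = `${SANDBOX_ORIGIN}/frame?url=${encodeURIComponent(page)}`;
    return `<iframe src="${esc(src)}" width="${w}" height="${h}" title="${title}" ` +
      `sandbox="allow-scripts" referrerpolicy="no-referrer"></iframe>`;
  }
  // "link" and unknown types: a plain link to the original resource.
  return `<a href="${esc(page)}" rel="noopener noreferrer">${title}</a>`;
}
```

With `allow-scripts` but no `allow-same-origin`, the framed document runs in an opaque origin, so it cannot read cookies or storage even for the intermediate domain.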