Hello,

When I visit this post ani.social/post/2611163 my browser downloads a random file called “master.m3u8”

I’m running firefox 115.8.0esr with the darkly-red theme for lemmy.

With this option enabled “Auto expand media”.

The offending line appears to be the following: <iframe class=“post-metadata-iframe” allowfullscreen=“true” src=“https://prod.vodvideo.cbsnews.com/cbsnews/vr/hls/2024/03/11/2317151299662/2750480_hls/master.m3u8” title=“House Democrats try to force floor vote on foreign aid for Ukraine, Israel, Taiwan”></iframe>

From a security perspective, using a iframe to anything posted seems dubious?