oembed API response is not fully compatible with the spec

[Kirby]

Affected version

xenforo.com

https://xenforo.com/community/api/oembed/?url=https://xenforo.com/community/threads/boosting-performance-in-xenforo-2-3.216767/ returns the following response:

{
    "version": "1.0",
    "type": "rich",
    "provider_name": "XenForo community",
    "provider_url": "https://xenforo.com/community",
    "author_name": "Chris D",
    "author_url": "/community/members/chris-d.11388/",
    "html": "<div class=\"js-xf-embed\" data-url=\"https://xenforo.com/community\" data-content=\"thread-216767\"></div><script defer src=\"https://xenforo.com/community/js/xf/external_embed.js?_v=2ee20907\"></script>",
    "referrer": "",
    "cache_age": 3600
}

According to the specification fields width and height are missing:

2.3.4.4. The rich type​

This type is used for rich HTML content that does not fall under one of the other categories. The following parameters are defined:
html (required)
The HTML required to display the resource. The HTML should have no padding or margins. Consumers may wish to load the HTML in an off-domain iframe to avoid XSS vulnerabilities. The markup should be valid XHTML 1.0 Basic.
width (required)
The width in pixels required to display the HTML.
height (required)
The height in pixels required to display the HTML.
Responses of this type must obey the maxwidth and maxheight request parameters.

 

[JoshyPHP]

If the markup is expected to be X(HT)ML, defershould be defer="" too. Not that anybody still uses XHTML, but some processors may try to load the markup as XML.