New Permission For Sending Embeds

[Skillz4Killz]

Hello 👋

Can we please make separate permission for bots sending embeds. Especially with the new features showed off recently using embeds I expect even more bots to use embeds meaning more bots are going to require EMBED_LINKS.

Right now bots require EMBED_LINKS in order to be able to send embeds. A lot of bots possibly the majority are using embeds and this means every server is most likely granting EMBED_LINKS. In fact, if you create a new server by default the everyone role grants you this permission. Although this is relatively harmless, it could actually become potentially harmful because of stuff like #1653 . For example, any bots that respond with users message content like say or reminder could now be abused to send with URLs that expand to show pornography or who knows what else.

This is a similar issue as to allowed_mentions behavior. Until allowed_mentions came along devs had to parse mentions and users always continued finding new ways to break those parsers. This is why I believe it is necessary to create a permission for bots alone to be able to send embeds.

As an alternative, I actually believe the EMBED_LINKS could be made to not be required to send embeds. Every bot should be able to send embeds no matter what in my opinion. This would make the EMBED_LINKS permission ONLY for links/urls.

Relevant Conversation: https://discordapp.com/channels/613425648685547541/697489244649816084/710932452344070228

Thank you.

[muddyfish]

Related to #1427 I think the suggestion there seems a lot cleaner in general though.

[Skillz4Killz]

Possibly but no I don't think SUPPRESS_EMBEDS alone solves this as that would also suppress the bots embeds as well. Then youd also need to separate SUPPRESS_EMBED into suppressing bot embeds and suppressing embedded links

[tjrgg]

I'm not sure how I feel about bots being allowed to send embeds no matter what. It stands to reason that the same reason why embeds might be harmful when users post them also applies to bots. I do agree that the "Embed Links" permission is a bit much and I wish there was a bit more flexibility.

What about a guild setting that controls whether or not bots are allowed to post embeds inside the guild? This would effectively make the permission "Embed Links" only for links (as the permission implies), but also give the guild owner/administrators the option to not have bots use embeds, if they so choose or aren't willing to accept the risks that come with embeds. This would more closely mirror similar functionality available to users (option to disable embeds, suppress embeds with <>).

[night]

We most likely will not tear this into different permissions, since embeds and links are one in the same functionality wise. It is possible we may explore better permission acquisition for bots in the future, which may improve the flow of bots obtaining permissions they require for functionality.