This content is running inside a Discourse post via an injected iframe.
Iframe origin:
Parent frame:
JS execution: Active
Sandbox flags: allow-scripts allow-forms allow-popups
Bypass method: Missing regex end anchor in origins_to_regexes
Regex matched: /\Ahttps:\/\/www\.youtube\.com/i