A few days ago, I was scrambling to embed an Instagram profile on my webpage, and I did not think that a simple Instagram embed would have a small rabbit hole; from websites offering their own scripts to Instagram not having a functional code copy button, it was just baffling to me.
Embedding an Instagram profile
To embed an Instagram profile, copy the profile link and add /embed to the end of the URL. For example, if your profile link is https://www.instagram.com/wlop, the embed URL would be https://www.instagram.com/wlop/embed.
Here’s an example of how you would use it in an iframe.
<iframe src="https://www.instagram.com/wlop/embed" height="400px" style="border:0"></iframe>
Diving deeper
The funny thing is that the other websites were referring to the use of some scripts (?), but I am unsure if it's the official way, since even the embed button on the Instagram website was broken.
I saw a few websites like embedista.com and instaembedcode.com, but I noticed that they add a secret JavaScript at the end of the url.
When I checked it, both websites tried to load a tracking URL for a Russian website (thankfully blocked by uBlock Origin), but what's to say that it wouldn't load a malicious script to deter the user on the website where the code is embedded.
Conclusion
Always look at the code generated by the “generator” websites and do not copy-paste anything you see on the internet.
I also submitted a bug report to Meta and I will update this page if Meta ever gets back to me.
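One way to do the check from the conclusion before pasting a generated snippet, as an added example that is not part of the original post: it parses the snippet and reports anything beyond an HTTPS iframe pointing at www.instagram.com. The allowlist, the function names and the tracker.example host are assumptions made for illustration; the second sample snippet is constructed, not copied from any generator site.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host a profile embed needs is the one in the iframe URL.
ALLOWED_HOSTS = {"www.instagram.com"}
URL_ATTRS = {"src", "href", "data", "action", "formaction"}

# The iframe from the post, and a constructed "generator" output with an extra script.
CLEAN_EMBED = ('<iframe src="https://www.instagram.com/wlop/embed" '
               'height="400px" style="border:0"></iframe>')
GENERATED_EMBED = CLEAN_EMBED + '<script async src="//tracker.example/t.js"></script>'


class EmbedAuditor(HTMLParser):
    """Collects everything in a snippet that goes beyond a plain allowed iframe."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, reason) tuples, in document order

    def _allowed_url(self, url):
        try:
            parts = urlsplit(url.strip())
        except ValueError:  # malformed URL: treat as not allowed
            return False
        return parts.scheme == "https" and (parts.hostname or "").lower() in self.allowed

    def handle_starttag(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        if tag == "script":  # a bare iframe embed needs no script at all
            src = dict(attrs).get("src")
            self.findings.append((tag, f"script from {src}" if src else "inline script"))
            return
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, f"event handler {name}"))
            elif name == "srcdoc":
                self.findings.append((tag, "srcdoc carries inline HTML"))
            elif name in URL_ATTRS and not self._allowed_url(value):
                self.findings.append((tag, f"{name} points to {value}"))


def audit_embed(snippet, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (tag, reason) findings; an empty list means nothing unexpected."""
    auditor = EmbedAuditor(allowed_hosts)
    auditor.feed(snippet)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for tag, reason in audit_embed(GENERATED_EMBED):
        print(f"<{tag}>: {reason}")
```

An empty result only means the snippet itself loads nothing outside the allowlist; it says nothing about what the allowed host serves inside the iframe.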