> Using WordPress, it was easy to paste in a link and have it converted to an embed. But I don't want to direct people to a dangerous site.

You can put the embed inside a <div inert> element to make it non-interactive.
Demo: https://output.jsbin.com/wuwukiv/quiet