degov-8.x-2.0/modules/degov_media_social_media_embed/degov_media_social_media_embed.module

<?php

use Drupal\degov_common\Common;
use Drupal\media\MediaInterface;
use Drupal\Component\Utility\Xss;

/**
 * Implements hook_preprocess().
 */
function degov_media_social_media_embed_preprocess(&$variables, $hook, &$info) {
  // Add template suggestions and libraries implemented in this module.
  Common::addThemeSuggestions($variables, $hook, $info, [
    'module_name' => 'degov_media_social_media_embed',
    'entity_type' => 'media',
    'entity_bundles' => ['some_embed'],
    'entity_view_modes' => ['usage', 'preview', 'search', 'embedded'],
  ]);
}

/**
 * Implements hook_preprocess_media__HOOK().
 */
function degov_media_social_media_embed_preprocess_media__some_embed(&$variables) {
  /* @var \Drupal\media\Entity\Media $media */
  $media = $variables['elements']['#media'];

  if ($media instanceof MediaInterface && $media->hasField('field_some_embed_code') && !$media->get('field_some_embed_code')->isEmpty()) {
    $variables['code'] = [
      '#markup' => $media->field_some_embed_code->value,
      '#allowed_tags' => degov_media_social_media_embed_allowed_tags(),
    ];
  }
}

/**
 * Returns allowed tags for some_embed media bundle.
 *
 * Allowed are the tags from Xss::getAdminTagList() plus iframe, blockquote and
 * script. Make sure that bundles of some_embed can only be added/edited by
 * trusted users!
 *
 * @return array
 */
function degov_media_social_media_embed_allowed_tags() {
  return array_merge(Xss::getAdminTagList(), ['iframe', 'blockquote', 'script']);
}