W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2010

[whatwg] More YouTube response

From: John Harding <jharding@google.com>
Date: Fri, 2 Jul 2010 12:09:13 -0700
Message-ID: <AANLkTilsTSXqbbGVMfUjHCARImFPR4rFsiwgipaEI1Ge@mail.gmail.com>
On Thu, Jul 1, 2010 at 9:16 PM, Aryeh Gregor
<Simetrical+w3c at gmail.com<Simetrical%2Bw3c at gmail.com>
> wrote:

> > As several people pointed out (and which I tried to get at in my post),
> this
> > is really an ecosystem issue rather than a change needed in the spec or
> in
> > browsers.  I suspect it's going to take some time, but the flexibility of
> > embedding content via <iframe> will be a big step forward.
>
> Wouldn't it be straightforward for YouTube to offer <iframe> support
> right now, in addition to <object>?  The backend support should be
> simple to do.  If you keep the <object> code as the default embed
> recommendation and hide the <iframe> embed code somewhere so people
> will only use it if they look for it, you won't risk confusing anyone.
>  Sites that currently whitelist <object> from YouTube will eventually
> whitelist <iframe> from YouTube too -- I hope there aren't many sites
> that permit *arbitrary* <object>s to be inserted by untrusted users.
> Allowing <iframe> will have other benefits, like allowing fallback
> "install Flash" content (currently omitted from the <object> code, I
> assume to keep the size down).
>
Yes, it's pretty straightforward to offer <iframe>-based embed code, but it
needs to be coupled with getting sites to accept them, or we end up with a
lot of confused, unhappy users.  Note that sites don't generally whitelist
specific SWFs - they generally allow all Flash embeds.


>
> Another thing that occurs to me is that you might show HTML5 video
> when Flash isn't installed/enabled, or when the Flash player crashes.
> Or at least you could give an option, instead of just failing silently
> (for embeds) or saying the user should install Flash (on the site
> itself).  My primary machine runs Linux, and Flash usually doesn't
> work at all.  If I didn't know about the HTML5 beta, I wouldn't be
> able to use YouTube at all.  And as it is, I can't use any YouTube
> embeds most of the time.
>
Yes, this is the main point of using an <iframe> to embed code - it allows
the site providing embeddable content to tailor the presentation to the
user/device/context at runtime, rather than requiring the presentation to be
fixed up-front.


>
> > When limiting keyboard input, I'd suggest devices w/ onscreen keyboards
> > simply disable the keyboard.  Applications that work well with touch
> > interfaces generally provide gesture alternatives for the limited set of
> > keys that would be available.  Alternately, devices could limit the
> keyboard
> > to the set of allowed keys.
>
> The problem is if the program makes a fake keyboard and then directly
> intercepts touch events to that location, without invoking the OS's
> keyboard at all.  The user won't be able to tell that the keypresses
> are going to the website instead of the OS.  But I can't see this as
> being a big issue -- screen space is so limited on these devices that
> websites are fullscreen anyway, or practically.  On my Nexus One,
> unless you're scrolled to the top of the site, websites take up the
> whole screen except for the bar at the top, which is present in all
> apps.  So they could already trivially spoof any application, if they
> know the target platform.  Not if the user presses the menu button, I
> guess.
>
Yeah, I realized that loophole after I sent the mail.  The same
vulnerability is there if fullscreen is initiated by a control the browser
chrome, though - at the end of the day, the primary problem to solve is
ensuring that users understand they're still viewing a web page, and the
contents are provided by the web page rather than the OS.



> > As pointed out, this is not strictly an issue for <video> tag, though
> > certainly related especially for local preview.  I have not been closely
> > following the work on the <device> element, though that seems to be where
> > this is headed.
>
> <device> adoption shouldn't interfere with <video> adoption, though.
> Even if YouTube switched to <video> by default, it could keep Flash
> for recording until <device> was implemented.  It's probably best for
> implementers to focus on perfecting <video> (and maybe <canvas>, etc.)
> before they put too much work into <device>, since those are much
> bigger use-cases.
>

You're absolutely right, and I think the order things are going is correct -
<video> is more important than <device>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100702/b5732f62/attachment.htm>
Received on Friday, 2 July 2010 12:09:13 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:24 UTC