- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Thu, 8 Jul 2010 21:09:02 -0400
On Wed, Jul 7, 2010 at 4:54 PM, John Harding <jharding at google.com> wrote: > MySpace is my canonical example - they allow arbitrary SWFs to be embedded > in profiles, but not <iframe>s. ?Flash added support a while back that > allows containing pages to block SWFs from executing script or accessing the > contents of the page, which MySpace enforces by rewriting the <embed> tag > that users post. ?Before that, yes, allowing arbitrary SWFs to be posted by > users was a huge security hole. Interesting. I wonder what the rationale was behind banning <iframe>. > Regardless, I think we're all agreed on the path forward (Use <iframe>s to > embed content instead of naked <embed> tags) and just need to start moving > on it, and the ball is largely in YouTube's court on this point. Great to hear you see it that way.
Received on Thursday, 8 July 2010 18:09:02 UTC