On Wed, Jul 7, 2010 at 4:54 PM, John Harding <jhard...@google.com> wrote: > MySpace is my canonical example - they allow arbitrary SWFs to be embedded > in profiles, but not <iframe>s. Flash added support a while back that > allows containing pages to block SWFs from executing script or accessing the > contents of the page, which MySpace enforces by rewriting the <embed> tag > that users post. Before that, yes, allowing arbitrary SWFs to be posted by > users was a huge security hole.
Interesting. I wonder what the rationale was behind banning <iframe>. > Regardless, I think we're all agreed on the path forward (Use <iframe>s to > embed content instead of naked <embed> tags) and just need to start moving > on it, and the ball is largely in YouTube's court on this point. Great to hear you see it that way.
