http://www.howtogeek.com/forum/ How-To Geek Forums Topic: Embedding Objects in Web Sites and Forums en Mon, 23 Nov 2009 01:39:21 +0000 http://www.howtogeek.com/forum/topic/embedding-objects-in-web-sites-and-forums#post-74037 Thu, 19 Feb 2009 00:50:06 +0000 ScottW 74037@http://www.howtogeek.com/forum/ <p>I use NoScript with Firefox to only allow scripts to run when I decide to. Here at howtogeek.com forums, there are requests to run scripts by howtogeek.com, google.com, and quantserve.com. On a how-to page, there are even more requests -- sixapart.com, addthis.com, and doubleclick.net. Needless to say, I don't allow any of these extra sites permission to run scripts on my system. It's quite common to visit sites where I want the primary site to runs scripts, but there are 6 or more other sites trying to run scripts as well.</p> <p>In IE7, which I don't use as much, I have the Internet Zone set to medium-high and only add sites that I trust to the Trusted Zone. I like the NoScript solution better, though, because it provides more granular control. Once a site is added to the trusted zone in IE, it seems to allow all other scripting requests from that site. </p> http://www.howtogeek.com/forum/topic/embedding-objects-in-web-sites-and-forums#post-73922 Wed, 18 Feb 2009 06:39:52 +0000 Justin 73922@http://www.howtogeek.com/forum/ <p>Indeed, testing things is a good way to figure out what works.<br /> Also, The Geek could just write code that will recognize objects which are loading Videos from trusted sites like Vimeo or YouTube which some forums have done but it is extra work that is not worth it when like you said, a link suffices. </p> http://www.howtogeek.com/forum/topic/embedding-objects-in-web-sites-and-forums#post-73917 Wed, 18 Feb 2009 06:06:32 +0000 whs 73917@http://www.howtogeek.com/forum/ <p>Hmm, I guess you saw me playing around with it. I actually wanted to test whether - allowfullscreen="true" - works. Else, I agree with what you say. It is probably not a good idea. A link to a video website suffices. But I had no idea at all how HTG would handle a video embed. Now I know. </p> http://www.howtogeek.com/forum/topic/embedding-objects-in-web-sites-and-forums#post-73915 Wed, 18 Feb 2009 05:56:36 +0000 Justin 73915@http://www.howtogeek.com/forum/ <p>I decided to write a post on why allowing embedded Videos in web sites and forum posts is a bad idea based on previous posts asking about it.</p> <p>Here is why:<br /> Embedding any object including Flash for videos is a security risk and is disabled on most forums for that reason.<br /> Objects like Flash besides playing videos can also automaticly redirect users to a phishing site on load, open annoying popups, Show flashing banner ads, etc.<br /> The same with Javascript and most objects that can be embeded including ActiveX controls in Internet Explorer and plugins for all browsers based on Netscape's plugin model like Mozilla Firefox.</p> <p>It is for this reason that Mozilla Firefox 3 and Internet Explorer 7 have restricted what objects can be installed and run to objects that are trusted and make it hard for users to make exceptions as without knowing if the object can be trusted, it needs to assume it cannot be trusted by default.</p> <p>Internet Explorer 8 RC1 takes this even further by not allowing even trusted objects like Flash to run on untrusted web sites without asking the user.<br /> Popular sites like msn.com will be trusted sites by default. </p>