Subscribe to How-To Geek

Login / Signup

Welcome to the How-To Geek Forums

We encourage you to register on our forums and post any questions you might have. The How-To Geeks monitor this forum and will respond to your question quickly.

How-To Geek Forums » Off Topic

Embedding Objects in Web Sites and Forums

(4 posts)
  • Started 8 months ago by jd2066
  • Latest reply from ScottW
  • Topic Viewed 386 times

jd2066
Justin
Posts: 3792

I decided to write a post on why allowing embedded Videos in web sites and forum posts is a bad idea based on previous posts asking about it.

Here is why:
Embedding any object including Flash for videos is a security risk and is disabled on most forums for that reason.
Objects like Flash besides playing videos can also automaticly redirect users to a phishing site on load, open annoying popups, Show flashing banner ads, etc.
The same with Javascript and most objects that can be embeded including ActiveX controls in Internet Explorer and plugins for all browsers based on Netscape's plugin model like Mozilla Firefox.

It is for this reason that Mozilla Firefox 3 and Internet Explorer 7 have restricted what objects can be installed and run to objects that are trusted and make it hard for users to make exceptions as without knowing if the object can be trusted, it needs to assume it cannot be trusted by default.

Internet Explorer 8 RC1 takes this even further by not allowing even trusted objects like Flash to run on untrusted web sites without asking the user.
Popular sites like msn.com will be trusted sites by default.

Posted 8 months ago #
Top
 
whs
whs
Posts: 10183

Hmm, I guess you saw me playing around with it. I actually wanted to test whether - allowfullscreen="true" - works. Else, I agree with what you say. It is probably not a good idea. A link to a video website suffices. But I had no idea at all how HTG would handle a video embed. Now I know.

Posted 8 months ago #
Top
 
jd2066
Justin
Posts: 3792

Indeed, testing things is a good way to figure out what works.
Also, The Geek could just write code that will recognize objects which are loading Videos from trusted sites like Vimeo or YouTube which some forums have done but it is extra work that is not worth it when like you said, a link suffices.

Posted 8 months ago #
Top
 
ScottW
ScottW
Posts: 6609

I use NoScript with Firefox to only allow scripts to run when I decide to. Here at howtogeek.com forums, there are requests to run scripts by howtogeek.com, google.com, and quantserve.com. On a how-to page, there are even more requests -- sixapart.com, addthis.com, and doubleclick.net. Needless to say, I don't allow any of these extra sites permission to run scripts on my system. It's quite common to visit sites where I want the primary site to runs scripts, but there are 6 or more other sites trying to run scripts as well.

In IE7, which I don't use as much, I have the Internet Zone set to medium-high and only add sites that I trust to the Trusted Zone. I like the NoScript solution better, though, because it provides more granular control. Once a site is added to the trusted zone in IE, it seems to allow all other scripting requests from that site.

Posted 8 months ago #
Top
 

RSS feed for this topic

Reply

You must log in to post.

Our Friends
Getting Started


About How-To Geek
What Is That Process?
svchost.exe
jusched.exe
dwm.exe
ctfmon.exe
wmpnetwk.exe 		wmpnscfg.exe
rundll32.exe
wfcrun32.exe
Ipoint.exe
Itype.exe 		Wfica32.exe
Mobsync.exe
conhost.exe
Dpupdchk.exe Adobe_Updater.exe

Copyright © 2006-2009 HowToGeek.com. All Rights Reserved.