发表新帖
发表新帖

Is there any point in using the seamless and or sandbox attribute for YouTube iframes?

前端 未结
关注
2 1775
滥情空心
滥情空心 2021-01-17 22:42

Update: This question is no longer valid. See comment below.

  1. YouTube embedding is done using iframes nowadays.
  2. HTML5 introduces the seamless attribute
2条回答
  • 一向
    一向 (楼主)
    2021-01-17 23:20

    I'll focus on just discussing the sandbox attribute.

    To play YouTube videos in a sandbox you need to do the following:

    1. Add sandbox="allow-scripts allow-same-origin"
    2. Add ?html5=1 to the video URL

    A problem with #1 is that Flash will not be loaded; whether Flash is required depends on a few things, such as the end-user's browser, their YouTube settings or when a video is simply not available as an HTML5 video (this is worsened by #2).

    Another (more serious) problem with #1 is that the combination of allow-scripts and allow-same-origin effectively removes any security benefit you would have otherwise enjoyed.

    Conclusion

    Forget about using the sandbox attribute for YouTube video embedding.

    Further reading

    • HTML5 Sandbox and some notes
    • Error playing embedded youtube video in a sandboxed iframe

    0 讨论(0)
 看不清?
提交回复
热议问题