Is there any point in using the seamless and or sandbox attribute for YouTube iframes?

Question

Update: This question is no longer valid. See comment below.

1. YouTube embedding is done using iframes nowadays.
2. HTML5 introduces the seamless attribute

Answer 1

No, fullscreen does not seem to work with both attributes enabled, if you are in the HTML5 beta check an example here: http://bcmoney-mobiletv.com/view/2133/monty-python-tax-sketch/

However, when I leave the HTML5 beta program it plays back in the standard YouTube Flash player, which ignores those iFrame attributes completely.

So, it really depends what your goals are. If you want added security and an experience that feels more like an in-page web video that is controlled by your page, go ahead and use those attributes, however, if you want to give the user a full range of controls and options, leave off sandbox and/or seamless.

Answer 2

I'll focus on just discussing the sandbox attribute.

To play YouTube videos in a sandbox you need to do the following:

1. Add sandbox="allow-scripts allow-same-origin"
2. Add ?html5=1 to the video URL

A problem with #1 is that Flash will not be loaded; whether Flash is required depends on a few things, such as the end-user's browser, their YouTube settings or when a video is simply not available as an HTML5 video (this is worsened by #2).

Another (more serious) problem with #1 is that the combination of allow-scripts and allow-same-origin effectively removes any security benefit you would have otherwise enjoyed.

Conclusion

Forget about using the sandbox attribute for YouTube video embedding.

Further reading

• HTML5 Sandbox and some notes
• Error playing embedded youtube video in a sandboxed iframe