Let's say the following video: http://www.youtube.com/watch?v=cNV9FEKi9FQ&v3 I try coping and pasting the embeding link but here's what happen: <object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/cNV9FEKi9FQ"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/cNV9FEKi9FQ" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object> :shrug:
Does the site feature a wee Youtube logo as one of the "buttons" on the "control panel" ? I visit a site called the Armchair Generals Forum which features embedding, and clicking on the control brings up the bracketed text you posted. It may be that there is some bit of code which has to be "installed". Oddly enough, I can't find a reference to it on the Youtube page, except this - http://www.youtube.com/dev which sounds pretty specific to one type of site. Found this - http://forums.mactalk.com.au/showthread.php?p=318304 See post #5, which refers to BB code. Not sure if that's similar to the "vB" code this site uses. Or... It might be that this site has HTML code turned off. The embed code posted looks like HTML Please Register or Log in to view the hidden image!
Here is an example of an embedded media player (non youtube) BTW - I believe embedded content has been disabled here due to security reasons. Code: <embed allowScriptAccess="never" allowNetworking="internal" enableJavaScript="false" src=http:/online.storage/publicfolder/whatever.mp3 allowScriptAccess="never" allowNetworking="internal" allowScriptAccess="never" style="filter: gray" autoplay=true showgotobar=false showpositioncontrols=false showtracker=false showdisplay=false showstatusbar=true showcontrols=false loop=false height=24 width=420 > </embed>
Code: Sub embed(ByVal size_of_pizza As Integer) current_weight = 185 For x = 1 to size_of_pizza fat = fat + 1 current_weight = current_weight + fat Next return = current_weight End Sub
You are indeed right, Sciforums had a spout of "cookie stealing/X-Scripting" attacks from some of the forums allowing RAW HTML/Javascript. While the Object tags might seem harmless there is ways to utilise it to do things to aren't so harmless. I'm not of course going to show you any here but they do exist.
