Adobe released version 9 of its popular Flash player in June, boasting 10x performance increases and a variety of new video, audio, and security filters. MySpace worked with Adobe on new security settings for Flash embeds on its sites and required its members upgrade to the new plugin version for access to Flash content on the site. The new player release combined with the MySpace required upgrade created a lot of confusion around the future of embedded widgets on MySpace and other popular web properties. I spoke with Emmy Huang, senior product manager of the Flash 9 plugin at Adobe, to learn more about the changes in Flash 9 and its effect on the Flash and MySpace ecosystem.
The Flash browser plugin has been a huge success on new web communities with its ubiquity across PCs and its efficient bundled audio and video codecs. Research firm NPD found the Flash Player installed on almost 98% of desktops in April, including a 70% penetration for then 7-month-old version 8. Flash is used on sites such as YouTube, Google Video, Flickr, and Photobucket to display rich content on-side or through embeddable widgets added to any web page. The embedded Flash widgets have become popular additions to configurable sites such as MySpace, allowing users to add their favorite video clips, images, or music tracks anywhere they imagine.
Open, yet more secure
Flash 9 adds new options for site owners allowing more control over the embedded content present on their pages. The allowNetworking and allowScriptAccess property tags can be added to HTML markup describing a Flash file to restrict the virtual machine’s permission set within your pages. Emmy mentioned the extra parameters allow websites to “safely provide a controlled embed environment with decreased opportunity for abuse and control.” Without such restrictions it is possible for a Flash widget to take control of the browser window and navigation, open pop-up windows, and other unwanted behavior.
Emmy confirmed MySpace had contacted Adobe about better ways to secure Flash content embedded on their pages and the two companies worked together on an escalated solution included in Flash 9. MySpace began testing the new Flash features two weeks after launch and made the complete switch about 3 weeks after the launch of Flash 9.
MySpace restricts the behavior of Flash embeds, limiting their ability to call external links or URLs by setting allowNetworking to internal. The files can display pictures and videos, but cannot add clickable external links to their Flash files. Flickr can display a slideshow of your latest photographs, but clicking an individual photo will not launch the destination page.
Widget producers need to rethink their embedded content strategy, adding new actionable items to their HTML snippets. You can add a clickable image inside the
object or add new lines to the snippet with links back to the full web page.
Web sites allowing users to insert arbitrary HTML should take a look at the new security restrictions in Flash 9 to limit the actions of such content on site visitors. Flash producers relying on large embedded install bases such as MySpace need to rethink the monetization of those eyeballs, as users are no longer able to visit your full page through on a 425×350 pixel link target at the end of an embedded video.
You can read more about the Flash 9 security measures in Adobe’s white paper.
Thanks for this post.
Interesting that MySpace was involved in creating new restrictions for some flash files. It seems likely to me that this is a result of the new corporate owners protecting their investment.
Interesting development given that MySpace’s popularity is partially due to the ability to add features to individualize your profile. It looks like the first major step in turning MySpace into the proprietary platform that everyone expected when Fox bought it last year.
This makes me mad. I develope custom flash based myspace pages for clients, now I’m limited in what I can do.
There has to be a way around this, I wont stop until I figure out a loophole. It’s blocks like these that make me hate designing in flash.
Of course people are going to trojen other pc users, that effect has been around since the personal computer was released. I remember times scarier than these “Trojan wars”, anyone remember when Hackers gained access to some of Microsoft Corp.’s essential product secrets back in 2000, or when people started the online identity theft and everytime you ordered something online, you got screwed in hundreds-maybe even thousands- of dollars.
All I’m saying here is that my respect for adobe/macromedia is at an all time low.
Thank you so much for posting this..I would have made myself crazy trying to get my links to work.
Narrow minded MySpace will loose out in the long term as everyone moves to other social networks that have vision!
Lovemyflash is still able to do it with ( allowScriptAccess = “never” allowNetworking = “internal” )so there must be a way. I was rather surprised to find my contact buttons rendered useless so I’m going to find a way to do something about it.
Comments are closed.