BTW, Chris, do you have a plan adding JSON callbacks?
It's like below:
http://www.youtube.com/oembed?url=<URL>&format=json&callback=foo
-- shigeta
As of right now, this is sort of implicitly allowed in the way oembed
works. Because the response is HTML, the implicit assumption is that
people will just append that HTML straight into their page. Of course,
they should make sure to strip anything harmful, especially scripts,
out, but if they aren't, then any oembed provider can execute
arbitrary javascript on your site.
JSONP certainly has this same problem in terms of running arbitrary
javascript, but one of the reasons it probably isn't considered not as
big of a threat is that generally you already know who you are talking
to (or at least expect to be talking to) when you make the request. If
you add autodiscovery into the mix, that's no longer necessarily true.
Unfortunately, I'm not sure there really is a better way than JSONP to
do what you want. I'm sure others will chime in.
-Ross
I have just now as I thought it was such a good idea. The callback
parameter I use is "callback".
Implementers should take note that the correct media type for JSONP is
text/javascript, text/ecmascript, application/javascript or
application/ecmascript, but not application/json.
--
Toby A Inkster
<mailto:ma...@tobyinkster.co.uk>
<http://tobyinkster.co.uk>
> Implementers should take note that the correct media type for JSONP is
> text/javascript, text/ecmascript, application/javascript or
> application/ecmascript, but not application/json.
RFC 4329 marks the text/* types as deprecated, I'm guessing for the
usual reason. So really people should use the application/* types only.
James
--
James Aylett
Unfortunately when we're talking about JSONP we need to be pragmatic.
JSONP is pointless if it doesn't work properly in browsers. Since IE
(maybe just older versions?) doesn't recognize the
application/javascript mimetype you really _must_ use text/javascript
for JSONP responses, regardless of what the spec says.
Mike
I could be wrong, as I've not done extensive testing, but I'm pretty
sure that in the presence of a <script type> attribute, browsers tend to
ignore the real media type that a script was served under.
So if you serve a file as application/javascript but link to it using:
<script type="text/javascript" src="..."></script>
it should work more or less everywhere.
Indeed, you could probably serve it as video/mpeg and browsers would
still run it. :-(
[text/ versus application/]
> I could be wrong, as I've not done extensive testing, but I'm pretty
> sure that in the presence of a <script type> attribute, browsers tend to
> ignore the real media type that a script was served under.
>
> So if you serve a file as application/javascript but link to it using:
>
> <script type="text/javascript" src="..."></script>
>
> it should work more or less everywhere.
>
> Indeed, you could probably serve it as video/mpeg and browsers would
> still run it. :-(
Tests: <http://tartarus.org/james/scripttest/>. Using latest browsers,
Firefox, Opera, Safari and Camino (all on Mac) all ignore the server
response type and allow both text/ and application/ in the type
attribute. IE 8 ignores the server response type and allows text/ only
in the type attribute.
So the recommendation should be for clients to a JSONP-enabled oEmbed
endpoint to use text/javascript. Apologies for supporting the opposite
without thinking through the implications.
Whether the oEmbed endpoints themselves should be recommended to use
application/ may depend on someone breaking out earlier versions of
browsers (particularly IE 5, 6, 7 I guess) and figuring out what they
do. I'd favour application/ from the server if it works in older IEs.
oEmbed already mandates UTF-8, so we don't have to worry about that
(except sometimes for setting charset explicitly on the script
element).
J
> I understand your disdain for flash elements littered across the page, but
> we do work hard to keep the CPU usage of our player as low as possible until
> the user hits play or interacts with the player.
Which is great providing you aren't in an environment when embedding
Flash is tricky, but providing a link out to YouTube would work fine;
such as Android, where a static thumbnail frame + description could
link through and all would be well. (Or static thumbnail which could
enable the full embed.)
Whether this is a niche or even strawman issue right now is another
matter. I doubt it'll go away, though.
James
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "OEmbed" group.
To post to this group, send email to oem...@googlegroups.com
To unsubscribe from this group, send email to oembed+un...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oembed?hl=en
-~----------~----~----~----~------~----~------~--~---
Every Youtube video should be resized to width: 620, but some of them
adopts width=”384″ (maybe a default value from youtube).
For Example:
Bug: (width changes to 384)
http://www.youtube.com/oembed?format=xml&maxwidth=620&maxheight=700&url=http:%2f%2fwww.youtube.com%2fwatch?v=CeTa7YYkMcE
Correct width:
http://www.youtube.com/oembed?format=xml&maxwidth=620&maxheight=700&url=http:%2f%2fwww.youtube.com%2fwatch?v=H5UmoD9ReXU
Is there a fix to this?
PD.- None of the Dailymotion videos obey the width parameter.
On 3 dic 2009, 19:36, Geoff Stearns <ge...@deconcept.com> wrote:
> Can you give examples of it failing to give the correct width?
>
> The oembed code will maintain the video's aspect ratio (either 4:3 or 16:9),
> so if you give it a large width but small height, it may make the width a
> little smaller in order to maintain the aspect ratio.
>
> On Mon, Nov 16, 2009 at 10:05 AM, Jonathan <m...@jonathanpuckey.com> wrote:
>
> > Is there any news on Youtube's support for the maxwidth parameter? It
> > seems to work only in some cases.. We've been forced to write a
> > workaround due to the intermittent nature of the implementation.
> > --~--~---------~--~----~------------~-------~--~----~
> > You received this message because you are subscribed to the Google Groups
> > "OEmbed" group.
> > To post to this group, send email to oem...@googlegroups.com
> > To unsubscribe from this group, send email to
> > oembed+un...@googlegroups.com<oembed%2Bunsu...@googlegroups.com>
The max width and height parameters specify a bounding box, not a
preferred size. Our interpretation of oEmbed was that we should pick
whatever size we think is good for the video so long as it fits in
that bounding box.
It may be reasonable to extend the oEmbed spec to support this use
case.
-Billy
On Jan 5, 12:09 pm, danielsemper <semperte...@gmail.com> wrote:
> My maxwidth is: 620 and maxheight: 700
>
> Every Youtube video should be resized to width: 620, but some of them
> adopts width=”384″ (maybe a default value from youtube).
>
> For Example:
>
> Bug: (width changes to 384)http://www.youtube.com/oembed?format=xml&maxwidth=620&maxheight=700&u...
>
> Correct width:http://www.youtube.com/oembed?format=xml&maxwidth=620&maxheight=700&u...
Chris: any chance of youtu.be support on your oEmbed provider? It'd
be great if this worked: http://www.youtube.com/oembed?format=xml&url=http%3A%2F%2Fyoutu.be%2FnTDNLUzjkpg
( http://youtu.be/nTDNLUzjkpg )
On Jan 14, 3:41 pm, Viper0007Bond <viper007b...@gmail.com> wrote:
> Can't find one off the top of my head, but if I remember correctly,
> you could pass it 1000x1000 for example and neither returned dimension
> would be 1000. It was maintaining aspect ratio, it was just too
> small. If I come across it again, I'll make sure to post it here.
>
> Chris: any chance of youtu.be support on your oEmbed provider? It'd
> be great if this worked:http://www.youtube.com/oembed?format=xml&url=http%3A%2F%2Fyoutu.be%2F...
> (http://youtu.be/nTDNLUzjkpg)
Whoops, stupid Google Groups interface. I missed the second page of
this thread where Billy mentioned small videos aren't resized to over
100% of their original size.