I presently run several Wordpress MU installations.

My customers are requesting a chance to publish video (not only Youtube, but from your own Expensive Media Server).

Automatically, Wordpress strips out <embed> tags.

Now, I'd never allow customers to incorporate PHP or JavaScript within their posts, must i be worried about Expensive weaknesses?

How harmful may be the embed tag and really should I be worried about providing them with the power?

Thanks

In most cases, Expensive has advanced significantly when it comes to stopping exploits like key trapping, etc.

The most secure factor you could do this is always to obfuscate the embedding code and also have them only give you a SWF URL, this way they could not pull anything fancy within the embed object like permitting mix scripting, etc...

Particularly, you need to be careful for such things as potential cyber-terrorist attempting to call JS functions out of your blog JS files by utilizing AS3's ExternalInterface.call() function... that will certainly be bad. However think you should use embed strategies to turn this off.

Make certain you place allowScriptAccess="never" within the object/embed tag to deny scripting powers to 3rd party SWFs.

I recommend that Expensive is just as secure because the content it's showing which together with a Youtube video isn't any pretty much harmful than likely to go to the same video on Youtube's website.

Expensive is fairly secure. Lots of websites large and small are utilizing it for ten years now. Obviously exploits are located, as with every software program. No web product is 100% secure. Many people are utilizing expensive and lots of designers are scheming to make it secure. Should you really sensitive information don't use them web to begin with. The safety is dependent more about the developer that creates a bit of code than the kind of code ( actionscript, javascript, php or java ). Languages permit errors and designers sometimes make errors.

My recommandation is by using it if you want it.