What Is VPAID?
VPAID in the Brightcove Player
The Brightcove Player’s default ad integration uses Google’s Interactive Media Ads (IMA) framework, which implements the VPAID standard. Brightcove’s IMA plugin wraps both the Flash-based IMA SDK and the HTML5 IMA SDK, and determines at runtime which one to use based on whether Flash is installed in the browser. Publishers can also choose to use the HTML5 IMA SDK if they prefer to use HTML5 VPAID even when Flash is present.
VPAID and Security
The VPAID 2.0 specification calls for ad logic to execute in a so-called “friendly” iframe, with full access to the object model of the enclosing page. This access can be important: it lets VPAID logic determine what the page content is, for optimal ad targeting, and exactly where on the page the ad is placed, an important component of the popular “viewability” metric. Unfortunately, full-page access can also be abused, allowing unscrupulous VPAID ad authors to take control of the page, replacing elements or collecting and sending user data without permission. For this reason, Google’s IMA SDK provides a layer of protection that isolates VPAID code units so they cannot access page data. Publishers who prefer the spec-compliant behavior can enable it by setting IMA’s vpaidMode setting to “INSECURE”. Because of the risks of this mode, Brightcove does not recommend enabling it. If a publisher’s chosen ad partner requires this mode, however, it is available.
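To make the “friendly” versus isolated distinction concrete, the following added example (not Brightcove's or Google's code) classifies an ad iframe by whether standard browser origin rules would let its script reach the enclosing page. It models the generic same-origin and sandbox rules rather than IMA's own isolation mechanism, which this page does not describe; the descriptor shape, function names and sample frames are constructed for illustration.

```javascript
// Added example. Frame descriptors mirror the iframe's HTML attributes;
// all names and sample values here are constructed for illustration.
function iframeIsolation(frame, pageOrigin) {
  // A sandbox attribute without allow-same-origin gives the frame an opaque
  // origin; without allow-scripts its content cannot run script at all.
  if (frame.sandbox != null) {
    const tokens = frame.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    if (!tokens.includes('allow-scripts')) {
      return { friendly: false, reason: 'sandboxed, scripts disabled' };
    }
    if (!tokens.includes('allow-same-origin')) {
      return { friendly: false, reason: 'sandboxed, opaque origin' };
    }
  }
  // srcdoc, a missing src, about:blank and javascript: URLs all yield a
  // document that inherits the embedding page's origin.
  const src = (frame.src || '').trim();
  if (frame.srcdoc != null || src === '' || /^(about:blank|javascript:)/i.test(src)) {
    return { friendly: true, reason: 'inherits page origin' };
  }
  let origin;
  try {
    origin = new URL(src, pageOrigin).origin; // also resolves relative URLs
  } catch (err) {
    // Conservative choice for an audit: flag a src that does not parse.
    return { friendly: true, reason: 'unparseable src, flagged for review' };
  }
  return origin === pageOrigin
    ? { friendly: true, reason: 'same origin as page' }
    : { friendly: false, reason: 'different origin: ' + origin };
}

// Returns the ids of frames whose script could touch the page's DOM.
function friendlyFrames(frames, pageOrigin) {
  return frames.filter((f) => iframeIsolation(f, pageOrigin).friendly).map((f) => f.id);
}

const PAGE_ORIGIN = 'https://publisher.example'; // constructed
const SAMPLE_FRAMES = [ // constructed descriptors, not captured from a real page
  { id: 'ad-srcdoc', srcdoc: '<!-- ad markup -->' },
  { id: 'ad-cross-origin', src: 'https://ads.example/unit.html' },
  { id: 'ad-sandboxed', src: '/ads/unit.html', sandbox: 'allow-scripts' },
  { id: 'ad-sandbox-same-origin', src: '/ads/unit.html', sandbox: 'allow-scripts allow-same-origin' },
  { id: 'ad-blank', src: 'about:blank' },
];

console.log(friendlyFrames(SAMPLE_FRAMES, PAGE_ORIGIN));
```

In a browser, the descriptors can be built from document.querySelectorAll('iframe') using getAttribute for src, srcdoc and sandbox, with location.origin as the page origin.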
A Better Way to Execute Code
Google IMA SDK VPAID 2.0 Documentation:
Brightcove IMA Documentation: