HTML5 Ads Aren't That Safe Compared to Flash, Experts Say
Found on Softpedia on Friday, 24 June 2016
HTML5 was officially released in October 2014, and slowly but surely, it started to replace Flash in the advertising market, where many ad networks such as Google and Amazon announced they'd stop taking static Flash ads, while still allowing Flash for video ads.
A malicious ad creator can use their ability to send third-party JavaScript to the ad via AdParameter values. Instead of user tracking code or ad delivery instructions, they can very easily deliver malicious code. At no point does it matter to them if the ad was created in Flash or HTML5.
Just require that content can only be delivered from the same host as the main website and effectively disable remote includes from third-party servers (same-origin policy).
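
The same-host restriction described above is commonly enforced in browsers with a Content-Security-Policy header. The following added example (not from the original article; the policy strings, host names and function names are constructed for illustration) audits a policy for script sources other than the page's own origin.

```javascript
// Added example: audit a Content-Security-Policy value for script sources
// that are not limited to the page's own host. All policies and host names
// below are constructed sample data.

// Parse "directive src src; directive src" into a Map of name -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return every script source other than 'self' / 'none'.
// Strict by design: host lists, wildcards, schemes, 'unsafe-inline' and
// nonces are all reported, since each one widens what an ad may execute.
// (script-src-elem is not considered in this narrow check.)
function nonSelfScriptSources(policy) {
  const directives = parseCsp(policy);
  const sources = directives.get('script-src') ?? directives.get('default-src');
  // Neither script-src nor default-src present: scripts are unrestricted.
  if (sources === undefined) return ['*'];
  const allowed = new Set(["'self'", "'none'"]);
  return sources.filter((s) => !allowed.has(s.toLowerCase()));
}

// Constructed policies: one that still admits third-party ad script,
// and one that limits script to the serving host via the default-src fallback.
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' https://ads.example.net *.cdn.example.org";
const STRICT_POLICY = "default-src 'self'; img-src 'self' data:";

for (const [label, policy] of [['weak', WEAK_POLICY], ['strict', STRICT_POLICY]]) {
  const findings = nonSelfScriptSources(policy);
  console.log(label, findings.length === 0 ? 'same-host only' : findings);
}
```

A policy with an empty result for `nonSelfScriptSources` permits script only from the host that served the page, which is the restriction the paragraph asks for.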