What I am saying here is probably something that doesn't even work. But I am sure there is something that can be exploiting in this, so give it a go. Make a proxy that redirects all Youtube requests to your own server. The server must contains Gateway's iFrame exploit. Youtube will load that web page instead. Possible hax?