[MGNLSTK-724] Flash parameter AllowScriptAccess should be set to 'sameDomain' Created: 07/Dec/10  Updated: 19/Jan/11  Resolved: 19/Jan/11

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: demoproject, themepop
Affects Version/s: None
Fix Version/s: 1.4.2

Type: Improvement Priority: Major
Reporter: Federico Grilli Assignee: Federico Grilli
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Currently it is set to 'always' (default value used e.g. by flowplayer) which can be potentially dangerous. Set the AllowScriptAccess parameter to 'sameDomain' which tells the Flash Player that only SWF files loaded from the same domain as the parent SWF will have script access to the hosting web page.



 Comments   
Comment by Philipp Bärfuss [ 19/Jan/11 ]

this change has to be reflected in the static prototype.

note: the change in the formatting will make it hard to diff against the static prototype.

Comment by Federico Grilli [ 19/Jan/11 ]

prototype aligned

Generated at Mon Feb 12 07:29:48 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.