[MGNLSTK-724] Flash parameter AllowScriptAccess should be set to 'sameDomain' Created: 07/Dec/10 Updated: 19/Jan/11 Resolved: 19/Jan/11 |
|
| Status: | Closed |
| Project: | Magnolia Standard Templating Kit (closed) |
| Component/s: | demoproject, themepop |
| Affects Version/s: | None |
| Fix Version/s: | 1.4.2 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Federico Grilli | Assignee: | Federico Grilli |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Date of First Response: |
| Description |
|
Currently it is set to 'always' (default value used e.g. by flowplayer) which can be potentially dangerous. Set the AllowScriptAccess parameter to 'sameDomain' which tells the Flash Player that only SWF files loaded from the same domain as the parent SWF will have script access to the hosting web page. |
| Comments |
| Comment by Philipp Bärfuss [ 19/Jan/11 ] |
|
this change has to be reflected in the static prototype. note: the change in the formatting will make it hard to diff against the static prototype. |
| Comment by Federico Grilli [ 19/Jan/11 ] |
|
prototype aligned |