> I know this has been discussed before but I'm not finding a clear answer
> online to the question of whether it is possible to use flash on a site
> where the script protect / invalidtag feature has been turned on.

Yes, you certainly can use Flash with SCRIPTPROTECT. The two are not
really related. All SCRIPTPROTECT does is examine data from the
browser to see if it contains client-side executable functionality.

> We would like to keep this security feature turned on generally, but if
> that means that it is not possible for clients to put flash files on their
> pages in our CMS, that is a pretty steep trade off.  Are there ways around
> this?

Not really. If you want people to be able to put client-side
executable content in HTML pages, that defeats the purpose of using
SCRIPTPROTECT. You could write a CMS widget to accept parameters from
the client and have that build a snippet of HTML that uses those
parameters with Flash Player, though.

> Also, our experience is that some older pages that have flash working -
> presumably from before the script protect feature was turned on - are still
> working fine (despite having script protect on).  So, that is a bit of a
> surprise.

That should not be a surprise. Again, all SCRIPTPROTECT does is limit
the ability of users to upload data that could later execute in
another user's browser. You might want to read a bit about XSS
vulnerabilities to see what it's supposed to protect you against.

All that said, SCRIPTPROTECT only provides limited protection against
those vulnerabilities.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.
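
The widget approach suggested in the reply, as an added CFML example (not part of the original post and not the poster's code): the client submits only a file name and two numbers, so SCRIPTPROTECT has no tags to rewrite, and the server builds the markup. The function names, the `/assets/flash/` directory and the size limits are assumptions.

```cfml
<cfscript>
// Added example: hypothetical CMS widget helper. Function names, the
// /assets/flash/ directory and the 1-2000 size range are assumptions.
// Requires ColdFusion 10 or later for encodeForHTML/encodeForHTMLAttribute.

function isSafeDimension(required string value) {
    // Digits only, 1 to 4 of them, inside a sane pixel range.
    return reFind("^[0-9]{1,4}$", arguments.value) > 0
        && val(arguments.value) >= 1 && val(arguments.value) <= 2000;
}

function buildFlashEmbed(required string movie, required string width, required string height) {
    // Accept a bare file name only: no slashes, no scheme, no markup.
    if (reFind("^[A-Za-z0-9_-]{1,64}\.swf$", arguments.movie) == 0) {
        throw(type="FlashWidget.InvalidMovie", message="movie must be a plain .swf file name");
    }
    if (!isSafeDimension(arguments.width) || !isSafeDimension(arguments.height)) {
        throw(type="FlashWidget.InvalidSize", message="width and height must be 1-2000");
    }
    // The path prefix is fixed server-side; the client never supplies a URL.
    var src = encodeForHTMLAttribute("/assets/flash/" & arguments.movie);
    var nl = chr(10);
    // allowScriptAccess=never stops the movie from calling into the page's script.
    return '<object type="application/x-shockwave-flash" data="' & src & '"'
         & ' width="' & val(arguments.width) & '" height="' & val(arguments.height) & '">' & nl
         & '  <param name="movie" value="' & src & '">' & nl
         & '  <param name="allowScriptAccess" value="never">' & nl
         & '</object>';
}

// Constructed sample submissions, standing in for values from the form scope.
samples = [
    {movie="intro.swf", width="400", height="300"},
    {movie="../private/other.swf", width="400", height="300"},
    {movie="intro.swf", width="400px", height="300"}
];
for (s in samples) {
    try {
        // Shown escaped here so the generated markup is visible as text.
        writeOutput("<pre>" & encodeForHTML(buildFlashEmbed(s.movie, s.width, s.height)) & "</pre>");
    } catch (any e) {
        writeOutput("<p>rejected: " & encodeForHTML(e.message) & "</p>");
    }
}
</cfscript>
```

Only the first sample produces markup; the other two are rejected before any HTML is built.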

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353108