I am building an application that pulls HTML content from an external site (RSS
feed) and placing that content into my Flex application. The content of this
HTML is controlled by another developer at another company.
After pulling back the HTML I am setting it as the htmlText attribute for an
<mx:Text> box.
Is this safe? Since I don't control the source HTML content I'm concerned
about the content having cross-site scripting attacks in it. Links or things
that execute arbitrary javascript onclick. Is there any way to ensure that the
HTML coming back can't be used to execute any JavaScript or ActionScript?
Thanks,
..Jordan
--
Jordan | Yodlee Product Management
Launch your Flex-based financial app in the Yodlee FinApp Store -
http://www.finappstore.com
