I've been looking at how you would add object and embed tags, and it isn't trivial. They're not in there by default because of the nasty things that they can do. But I could add them in, along with flags to specify that you want to allow them, much like AllowHref
I'll get back to you. Again, I'll take this off the list now (until I have something to show for it). Jonathan, could you give me some sample code that you would like to allow through?. thanks Clint > already doing that... > > those are placed in object AND embed tags (i don't recall if embed > are off by default) > regardless, it might make sense to mention them in the docs as > they're in a grey-area and something to be wary of when enabling > objects. > > allowScriptAccess locks the flashplayer down- it can't call any js > functions or do any document writes/etc. without it, its possible to > have a .swf file that onload starts rewriting the page to load in > external js files and then write them into the document body (thereby > avoiding any js xss safeguards). thats how a lot of old 'skinning' > and 'tracking' was done - people would write mini-apps hiddin in a > 1x1 swf file that would manipulate the dom and do whatever data > exchange is needed. it can be pretty insidious. > > allowNetworking, i think, disables what getURL can do. i could be > wrong on that one, but i believe that is the command that locks down > what swf files can redirect browsers to ( same domain as html or any > or none ) > > > // Jonathan Vanasco > > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - > | CEO/Founder SyndiClick Networks > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - > | Founder/CTO/CVO > | FindMeOn.com - The cure for Multiple Web Personality Disorder > | Web Identity Management and 3D Social Networking > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - > | RoadSound.com - Tools For Bands, Stuff For Fans > | Collaborative Online Management And Syndication Tools > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - > >
