# fixed
the1sky committed Jul 29, 2014
1 parent 127915c commit 28b3613
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion security.md
Expand Up @@ -69,7 +69,7 @@ SWF与js参数传递,「SHOULD」需要进行字符过滤,防止XSS攻击

可执行文件(.swf)授信,不应该「SHOULD NOT」使用Security.allowDomain("*"),加载者或被加载者会获得和当前SWF相同的权限

非可执行文件(.txt,.xml,.json,.jpg等)授信,不应该「SHOULD NOT」在crossdomain.xml文件中使用<allow-access-from domain="*"/>
非可执行文件(.txt,.xml,.json,.jpg等)授信,不应该「SHOULD NOT」在crossdomain.xml文件中使用allow-access-from domain="*"

在加载跨域SWF时,「SHOULD NOT」慎用合并安全域(crossdomain.xml授权或loadBytes()),被加载的SWF会拥有和父SWF同样的权限,能做任何事情
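
Review bot: On the changed line, dropping the angle brackets and the closing slash means the guideline no longer shows the element the way it is written in crossdomain.xml, so a reader auditing policy files for the wildcard entry cannot copy the exact string `<allow-access-from domain="*"/>` from this document. If the tag was removed because the Markdown renderer swallowed it as raw HTML, wrapping the original tag in an inline code span keeps it literal and visible without changing the wording. Separately, the trailing context line pairs 「SHOULD NOT」 with 慎用 ("use with caution"), which reads as a double negative and is worth fixing in the same pass, and a commit message more specific than "fixed" would make the intent of this change recoverable from history.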
