== Why is this an issue?

Calling Security.allowDomain("*") lets any domain cross-script into the domain of this SWF and exercise its functionality.


=== Noncompliant code example

[source,flex]
----
Security.allowDomain("*");
----


=== Compliant solution

[source,flex]
----
Security.allowDomain("www.myDomain.com");
----


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Specifically define the origin domain of SWF files that are allowed to communicate with this one


'''
== Comments And Links
(visible only on this page)

=== on 22 Nov 2013, 13:15:08 Freddy Mallet wrote:
Is implemented by \https://jira.codehaus.org/browse/SONARPLUGINS-3281

=== on 24 Nov 2013, 18:59:30 Ann Campbell wrote:
Hope my changes still capture the intended meaning...

endif::env-github,rspecator-view[]