16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
44 lines
855 B
Plaintext
44 lines
855 B
Plaintext
== Why is this an issue?
|
|
|
|
Calling Security.allowDomain("*") lets any domain cross-script into the domain of this SWF and exercise its functionality.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,flex]
|
|
----
|
|
Security.allowDomain("*");
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,flex]
|
|
----
|
|
Security.allowDomain("www.myDomain.com");
|
|
----
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Specifically define the origin domain of SWF files that are allowed to communicate with this one
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 22 Nov 2013, 13:15:08 Freddy Mallet wrote:
|
|
Is implemented by \https://jira.codehaus.org/browse/SONARPLUGINS-3281
|
|
|
|
=== on 24 Nov 2013, 18:59:30 Ann Campbell wrote:
|
|
Hope my changes still capture the intended meaning...
|
|
|
|
endif::env-github,rspecator-view[]
|