Permalink
Browse files

disable * in flash crossdomain file

  • Loading branch information...
1 parent 74782cf commit 8cd48729cf0d44004d683588cd0e124dd87f51ea @paulirish paulirish committed Jun 3, 2010
Showing with 9 additions and 7 deletions.
  1. +9 −7 crossdomain.xml
View
@@ -1,14 +1,16 @@
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
+ <!--
+ If you host a crossdomain.xml file with allow-access-from domain=“*”
+ and don’t understand all of the points described here, you probably
+ have a nasty security vulnerability. ~ simon willison
+
+ Please read: http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
+
<allow-access-from domain="*" to-ports="*" />
+
+ -->
</cross-domain-policy>
-<!--
- http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
-
- If you host a crossdomain.xml file with allow-access-from domain=“*”
- and don’t understand all of the points described here, you probably
- have a nasty security vulnerability. ~ simon willison
--->

0 comments on commit 8cd4872

Please sign in to comment.