This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs. Consider the case of content on http://foo.com accessing the site http://foo.org with this policy file: <cross-domain-policy> <allow-access-from domain="foo.*" /> </cross-domain-policy> Expected: Should not load - wildcard not allowed in TLD Actual: Data loads Policy file spec - see Appendix - Domain matching: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Till recommends that Yury look into these security issues.
Assignee: nobody → ydelendik
3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.