Closed Bug 1029262 Opened 10 years ago Closed 8 years ago

(shumway) Reject disallowed MIME types for policy files

Categories

(Firefox Graveyard :: Shumway, defect)

Product:
Firefox Graveyard
Component:
Shumway
Version:
32 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mwobensmith, Unassigned)

References

Details

(Whiteboard: [shumway]) 

This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs.

Policy files are currently accepted in arbitrary MIME types ("foo/bar") but may only be deployed with the following:

text/x-cross-domain-policy
text/*
application/xml
application/xhtml+xml


Policy file spec:
http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf
Blocks: 1029228
Whiteboard: [shumway]
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.