Re: [xml-dev] Re: Javascript and plugging holes

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

From: Bill Lindsey <bill@blnz.com>
To: xml-dev@lists.xml.org
Date: Fri, 10 Dec 2010 12:33:38 -0800

On 12/10/10 9:36 AM, Simon St.Laurent wrote:

> There are lots of security holes in JavaScript and the Web environment,
> and many of them happen to work on phones too now.

Another example:  Flash ActionScript .swf files can load XML from other 
domains if that domain hosts the appropriate policy file.  ActionScript 
also provides access to the containing document's javascript environment.

I have had occasion to use this to effect cross-domain loading of XML 
and insertion into the DOM.

Won't work on an iPhone, though.

-Bill

References:
- Javascript and plugging holes was: [xml-dev] Cross-domain loading of XML
  - From: Stephen Green <stephengreenubl@gmail.com>
- Re: Javascript and plugging holes
  - From: Henri Sivonen <hsivonen@iki.fi>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>
- RE: [xml-dev] Re: Javascript and plugging holes
  - From: "David Lee" <dlee@calldei.com>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]