[jboss-cvs] jboss-seam/examples/wiki/view/plugins/flash ...
Christian Bauer
christian at hibernate.org
Mon Nov 12 02:37:27 EST 2007
User: cbauer
Date: 07/11/12 02:37:27
Modified: examples/wiki/view/plugins/flash plugin.xhtml
Log:
Disabled flash plugin, open to XSS attacks
Revision Changes Path
1.3 +19 -13 jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: plugin.xhtml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- plugin.xhtml 31 Aug 2007 13:38:11 -0000 1.2
+++ plugin.xhtml 12 Nov 2007 07:37:27 -0000 1.3
@@ -20,6 +20,11 @@
</div>
</s:div>
+ (The flash plugin is currently disabled as it opens up XSS injection attack vectors. To be replaced
+ with a future version that parses the flash URL and/or only allows certain sites, see:
+ http://drupal.org/project/embedfilter)
+
+ <s:fragment rendered="#{false}">
<s:div rendered="#{!empty flashPreferences.properties['flashURL']}">
<object width="#{flashPreferences.properties['objectWidth']}"
height="#{flashPreferences.properties['objectHeight']}">
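Review bot: The notice added above the new s:fragment is plain body text in the template, so every visitor of a page that uses the plugin sees it, bare URL included. If it is meant for maintainers, it belongs in an XML comment. If it is meant for users, wrap it in an element and keep the wording out of the view. The constant in rendered="#{false}" also means the plugin can only be restored by editing this file, so a configuration flag in the EL expression would make the disable easier to find and to reverse. For the replacement the notice describes, the context lines show objectWidth and objectHeight read from the same flashPreferences.properties map as flashURL, so the planned validation should cover those two values as well as the URL.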
@@ -33,6 +38,7 @@
</embed>
</object>
</s:div>
+ </s:fragment>
</s:div>
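Review bot: The closing </s:fragment> added here has nothing tying it to the disabled wrapper opened in the first hunk, and the two tags sit far enough apart to need separate hunks. A short XML comment on the closing tag naming the disabled flash block would help ensure both tags are removed together when the plugin is restored. The revision summary reports +19 -13 while the diff shows only additions, so the wrapped block was presumably re-indented; keeping that whitespace change out of the security fix would make the change easier to audit.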