Flex :: Preventing Cross Site Scripting Attack On Flash Container Pages
Jun 2, 2011
I have a website with a flex application. The flex application has no user input - except for clicks for navigation. The website also uses no scripting language - i.e. no php, asp, jsp or cfm.
The website just consists of one page which contains the flash file for the flex application. The source code of this page is here: [URL]
I have been advised (by a software program used by my client) that this website is vulnerable to a reflective type XSS attack and have been advised to 'sanitize' all user input.
respect to XSS and would respectfully like to ask that AFAIK there is no user input. What should I sanitize and how?
View 1 Replies
Similar Posts:
Mar 23, 2010
Here is my situation:
I have a Flash file hosted at:
http://static.mydomain.com/flash.swf
I have a web page that embeds that Flash file at:
http://www.mydomain.com/embed.html
The <embed> code for that SWF has the "allowScriptAccess" parameter set to "sameDomain". Currently, I cannot put links in "flash.swf" that change the location of the embedding page, because they are on different domains, and making a getURL() or ExternalInterface call won't be permissible.
Changing "allowScriptAccess" to "always" is not an option. Putting both files on the same domain is also not an option.
Policy files don't seem to be the solution (perhaps I'm coding them wrong?) and changing the "document.domain" of the embedding page doesn't seem to work either.
View 1 Replies
Dec 14, 2010
A client of mine has had 2 sites (both Flash sites) attacked over the last 12 months, so he's been asking: should he go for a static HTML site or stick with a Flash site? Is there ways to make a Flash site more secure?
View 1 Replies
Aug 13, 2010
I have a movie with a document class (Main.as) wich load 2 SWF:
private var mainContainer:Sprite = new Sprite();
addChild(mainContainer);
var loaderx:Loader = new Loader();[code]....
Now I need to access some var/objects in PhotoLoader from PhotoViewer but anytime I compile PhotoViewer the compiler complains:
trace(root.loaderx.dbFields);
1119: Access of possibly undefined property loaderx through a reference with
static type flash.display:DisplayObject.
Notice I need communication between the 2 loaded SWFs, not from the movie that loaded them
View 1 Replies
Jul 5, 2010
I wrote a post a week ago but it seems no one is able to help or I didn't explain my problem well enough, so here I go again.I want to load an external SWF, get an object reference from it and add it to the PV3D scene of my main class. The problem is even though the types have the same names, they are not recognized as the same type.
---------------------------------pv3Dviewer--------------------------- -----------
package {
import org.papervision3d.objects.primitives.Sphere;
public class pv3Dviewer extends Sprite {
[code]....
When pv3Dviewer is run, it traces "no". If I try to assign shereRemote without type casting i get this error:TypeError: Error #1034: Type Coercion failed: cannot convert org.papervision3d.objects.primitives::Sphere@59930b1 to org.papervision3d.objects.primitives.Sphere.
View 7 Replies
May 13, 2009
This is my first entry in this forum but I already found a lot of answers by browsing it.However, altough many references seem to solve the problem I'm hurting on, it doesn't seem to work for me...Now, here's the case:I made a flash web site that will be hosted on an external web server (let's call it serverMy flash needs to get some info from my internal server don't have access to the root, only to the folder «myfolder» so my website reads like this
View 1 Replies
Jun 28, 2010
I have the following problem. I am trying to load custom PaperVision3D objects from an externally loaded SWF in a simple FLARToolKit example project. The external SWF is compiled with the same libraries included in its path as the loading project. I will include only the pertinent functions in order to save some space. Both the external SWF and the loading project include security definitions to allow for access:
[Code].....
View 1 Replies
Feb 11, 2011
Client has a flash navigation menu on his website. When the site is accessed via [URL] the hardcoded links in the flash nav load pages properly. When accessing the website via the [url] the site navigation links can not load the proper pages and instead just redirect the user to the root domain.
I assume this can be fixed with a change to the .htaccess but I do not know how flash handles these links.
.htaccess:
Options +FollowSymLinks
RewriteEngine on
[Code].....
View 1 Replies
May 12, 2010
I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts.The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file.I know that it's probably impossible to prevent this all together, but i at least don't want it to be obvious.
View 4 Replies
Mar 18, 2006
I am currently making a game, similar to StreetFighter,where enemies will come on from the side and you fight them. Now i have the character movement and attacks fully scripted, and have made an enemy, and i make it move towards the character using:
onClipEvent(load){
movethy = 7;
scale = _xscale;[code].....
Now this works quite well and the enemy stops when it hits the character, but the problem is, it wont complete a full attack, instead it plays a few frames of the attack MC. Now i have every attack in a different MC (Frames 2-5) inside the Enemy MC. How can i make the enemy pause when it reaches the character, then choose an attack to use? From there i'll be on my way and can script the hittest and so forth.
View 2 Replies
Oct 11, 2009
I looked all over but I couldn't find what I would think is a pretty standard flash tutorial - so in sudden desperationI need a tutorial that teaches me a way you can make flash websites in as3 have an animation function when going to a page, as well as an animation function going to another page.
View 1 Replies
Jul 24, 2003
I Am Trying To Make Buttons In Flash That Link To Other Pages On The Site. When You Press On A Button, It Will Take You To A Page Like main.php?page=thepage. (Which Also Has Flash)I Am Trying To Use The Variable page (from The Url) In The Flash On The New Page. How Do I Get It From The Url, Into The Flash?I Have Looked All Over But Cannot Find A Solution That Works.
View 3 Replies
Mar 3, 2011
I have an intro in flash to go to an html/css site. What I have right now is when the image is clicked on it jumps to a scene and plays the animation and that's it. What I don't know is the scripting afterward. I need to know what the script is to allow it automatically forward the visitor to the html site after the animation plays. The intro page is on its own page.Right now my code is on frame 1 and this is it:
Code:
stop();
import flash.events.MouseEvent;
[code]......
View 3 Replies
Nov 2, 2010
how do you link(code) your swf pages to each other (through buttons) when making a flash site or portfolio?
View 5 Replies
Oct 26, 2009
I have a very simple button with a GetUrl action. The flash is being embedded via a script, using document.write method. All works as expected when the script is hosted within the webiste. I need to host the script externally though, on a remote website (its a banner script). The problem is that when I embed the movie using the REMOTE javascript file, i.e. [URL], the simple GetUrl does not work at all.
I'm sure this is something related to security or cross site scripting, but I'm equally sure there's a way around this. Affiliate banners use flash to do the very same thing (somehow).
View 3 Replies
Jul 16, 2010
I have a flash animated logo with sound on all of the pages of my website. My goal is to make a mute button which when clicked will work on cookie base or php session (?) and will mute the sound of the logo on all pages for the given period of cookie.
View 1 Replies
Jun 1, 2010
I am using flex. But i find it hard.Should i use Adobe flash so that i can insert the components by drag and drop
View 1 Replies
May 23, 2009
I am making a full flash site in which one container clip on the main timeline loads all the pages. I want to place a tween on this container so that once the content loads it animates as it enters. Code below.
Code:
import gs.TweenLite;
import gs.easing.*
[code].....
View 2 Replies
Feb 9, 2012
I'm working on a Flex 3 app, implemented in Actionscript 3 and MXML, that includes an embedded video player, which is essentially a black box--I load it as a SWF from another site on demand, and I don't have access to its source code. It does, however, inherit from Sprite.The problem is that, when focus is on the Flash app, the video player is somehow receiving and processing keyboard events, even when the player itself isn't in focus.So when users are typing text elsewhere in the GUI, if they hit the space bar, the video pauses.
I've tried intercepting key events in the Sprite's parent, and setting tabEnabled = false, tabChildren = false, and buttonMode = false on the Sprite, but nothing seems to work. It's as if the Sprite is getting keystrokes through an alternate Event path.how I can prevent the player from receiving keyboard events or input events entirely? It's fine with me if no input events reach the player, since I've implemented my own,separate video controls.
View 1 Replies
Mar 4, 2009
I'm using Adobe CS4 Professional flash to create the basis of the website, a photo background with an interactive menu overlay on top. Does anyone know any good tutorials for an interactive menu (roll you mouse over certain things and the sub-menu comes up which lead to other pages of the site etc.)
View 1 Replies
May 4, 2009
I make my first flash site. I've insert images in 72 dpi. The site is ok on the web! Now, I want print the site pages in high resolution. Is possible to create the .fla file with image in 300 dpi (so I can print from original .swf files with images in high resolution) and ask to flash to reduce the images resolution in automatic only in the final publication?
View 1 Replies
Jun 22, 2009
I created a Flash CS4 document which contains 2 buttons. I used the code below to link the two buttons to well known web sites, tested them in Flash and the buttons work fine.
[Code]....
View 2 Replies
Sep 17, 2009
i need to make several banners for individual pages of a web site. The banners will each contain different images that i want to have fade in the same way. Also, over the images will be the title of the page. I would like to load the images and text by xml.I was using the uiloader (loading images from a url) but could not figure out how use the xml file as source.Also, for the animation,is there anyway to apply a transition to the uiloader? Is the uiloader even the best way to load xml?
View 1 Replies
Feb 5, 2012
First time on the site. I have been desperately looking for information on this transition, but I have only gotten so far. I was wondering how to recreate the effect that this site has when transitioning between pages. [URL] As you can see, there is a very nice fade out, then in effect. I know that u can fade in with a motion tween, but when u click the next link, the page just jumps into the next one instead of fading. How can I get that fading both in and out effect?
View 2 Replies
Jan 28, 2009
I'm creating a site that loads external .swfs as pages. I have little understanding of how Loaders and instance names work with AS3 (even after reading the documentation), so I'm having some difficulties.
I'm loading the .swfs in a movie clip named "container." I want to replace the contents of "container" with the web page .swf that the user chooses, but I don't know how to write the condition to:
a) check to see if something is already inside "container"b) remove the contents by instance name or method of MovieClip. I'd prefer to remove whatever is inside of "container" rather than switching cases for different instances.
[Code]...
View 3 Replies
Apr 13, 2005
I'm a bit of a newbie, wondering how this scaling effect is possible. See www.sagmeister.com - when you scale your browser window, the entire site interactively shrinks or enlarges to fit. How is this done with Flash MX? Is it a publishing option or an actionscript or what?
View 8 Replies
Jul 2, 2011
In a Flex Mobile project I have a simple itemRenderer where I'm trying to create an "bubble" texting effect, similar to ichat or iphone (just so you get what im going for). But if the text is longer than the screen it runs off, rather than just going down a line.
If I set Group thats holding the rectangle(to create the bubble effect) and the label to 100% it works and keeps it from exceeding the list containers bounds, BUT the group is always at 100% and looks bad, I'm trying to keep the "bubble" JUST AROUND the text.
Anyway so, at the top of my itemRenderer I tried specifying:
<s:ItemRenderer xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark" width="100%" height="100%">
And here's my layout I figured since msg_container has a width of 100% I was hoping bubble_lable_group would just not exceed that but...it doesnt...it just runs off. I tried setting a max width but that does not allow you to input percents. And just to say it 1 more time. I know if i set bubble_lable_group width to 100% it works, and keeps it from going off the edge, but then the rectangle "bubble" stretches all the way across and just looks bad.
<s:VGroup id="main_container" horizontalAlign="left" paddingBottom="10" paddingTop="10"
verticalAlign="top" width="100%">
[Code]....
View 1 Replies
Apr 28, 2009
Looking for a tutorial to make individual pages (jpg or gif) into swf pages so we can add links in an on-line flip book. I have flash, but have not learned as of yet.
View 2 Replies
Sep 21, 2011
I have a loop that goes through data from a book and displays it. The book is not consistent in it's layout so I am trying to display it in two different ways. First way(works fine) is to load the text from that section in to a panel and display it. The second way is to create a new panel (panel creates fine) and then add collapsable panels(nested) to that panel. Here is the code from the else loop.
else if (newPanel == false){
// simpleData is just for the title bar of the new panel
// otherwise the panel has no content
[Code]....
The error I get is: ReferenceError: Error #1069: Property panel4.4 not found on components.readTest and there is no default value.
I have tried setting the "name" property instead of the "id" property.
View 1 Replies
Oct 3, 2011
I'm using FileReference to upload PDFs and PHP to email it.Is there any way to find out the number of pages within the PDF using either Flash or PHP?
View 5 Replies
