W3C home > Mailing lists > Public > public-web-security@w3.org > October 2011

How should Content-Security-Policy apply to Flash?

From: Travis Hassloch <thassloc@adobe.com>
Date: Thu, 20 Oct 2011 17:19:08 -0700
To: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <CAC6088C.C95B%thassloc@adobe.com>
I would be very appreciative to hear your ideas on how
Content-Security-Policy should apply to flash.

For example, one idea of many: SWF files are compiled from
actionscript, which is more-or-less ECMAscript, so perhaps it
should be interpreted as such.  On the other hand, they may be
dissimilar enough that extensions to CSP (new directives) may
be the way to go.

Thoughts on this or any other aspect?

Backgrounder on flash security model:
<URL:http://www.adobe.com/devnet/flashplayer/articles/flash_player10_securit
y_wp.html>

Thanks!
-- 
Travis Hassloch
Flash Player Security Engineer
Received on Friday, 21 October 2011 14:13:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 21 October 2011 14:13:27 GMT