- From: Travis Hassloch <thassloc@adobe.com>
- Date: Thu, 20 Oct 2011 17:19:08 -0700
- To: "public-web-security@w3.org" <public-web-security@w3.org>
I would be very appreciative to hear your ideas on how Content-Security-Policy should apply to flash. For example, one idea of many: SWF files are compiled from actionscript, which is more-or-less ECMAscript, so perhaps it should be interpreted as such. On the other hand, they may be dissimilar enough that extensions to CSP (new directives) may be the way to go. Thoughts on this or any other aspect? Backgrounder on flash security model: <URL:http://www.adobe.com/devnet/flashplayer/articles/flash_player10_securit y_wp.html> Thanks! -- Travis Hassloch Flash Player Security Engineer
Received on Friday, 21 October 2011 14:13:26 UTC