How should Content-Security-Policy apply to Flash?

I would be very appreciative to hear your ideas on how
Content-Security-Policy should apply to flash.

For example, one idea of many: SWF files are compiled from
actionscript, which is more-or-less ECMAscript, so perhaps it
should be interpreted as such.  On the other hand, they may be
dissimilar enough that extensions to CSP (new directives) may
be the way to go.

Thoughts on this or any other aspect?

Backgrounder on flash security model:

Travis Hassloch
Flash Player Security Engineer

Received on Friday, 21 October 2011 14:13:26 UTC