search

ejayimperial / google-caja

Automatically exported from code.google.com/p/google-caja
0 stars 0 forks source link

Flash Attributes #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The following Flash Attributes need to be added:

allowScriptAccess
allowNetworking

Original issue reported on code.google.com by sshja...@gmail.com on 25 Jan 2008 at 10:20

GoogleCodeExporter commented 9 years ago 
These should be added to the list of html attributes.  So they're recognized on 
embed
or object tags.

They should not be added to the whitelist, though clients that have a separate
sanitizer for embed or object tags can whitelist them once I separate out the
whitelist into config files.

Original comment by mikesamuel@gmail.com on 29 Jan 2008 at 12:21

GoogleCodeExporter commented 9 years ago 
This will be fixed once issue 50 is fixed.

Original comment by mikesamuel@gmail.com on 19 Feb 2008 at 10:36

GoogleCodeExporter commented 9 years ago 
allowfullscreen should also be added to the whitelist.

right now we are using an opensocial .7 container on hi5 and we chose to use
swfObject1-5 because the gadgets.flash.embedFlash command is too limited.

it seems better than the original flash embed from google gadgets though.

Original comment by justin.kruger on 3 Mar 2008 at 7:32