I have started developing a drawing application in as3. I am thinking that I could integrate a cms and allow swf files to be uploaded at runtime as graphics. What are the potential security issues involving third-party, possibly malicious swf files here?
I would simply be adding the swf as a custom sprite class to a masked container sprite.
Does this open a hole to run other scripts (js on another server?) and/or give access to the client’s computer in unsafe ways?
I would appreciate any recommendations reading and/or advice / experience in swf hosting like this. I see this being done on many sites now such as wonderfl and activeden.
This is the ActionScript equivalent to XSS. Your domain will no longer be protected by the Same Origin Policy. This can be used by an attacker to hijack a Session ID (Cookie), deface your web site, or deliver exploit code to any browsers visiting your site.
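The same-origin point in the answer above, shown as an added ActionScript 3 example that is not part of the original thread: an upload served from the application's own domain shares its sandbox, while one served from a separate host does not. The class name `GraphicHost`, its method names, the `/uploads/` path and the host `uploads.example.net` are all hypothetical.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.events.SecurityErrorEvent;
    import flash.net.URLRequest;
    import flash.system.ApplicationDomain;
    import flash.system.LoaderContext;

    // Hypothetical host class for the drawing application.
    public class GraphicHost extends Sprite {
        // Assumption: a separate host that serves only uploads (no session
        // cookies, no application pages, no crossdomain.xml for the main site).
        private static const UPLOAD_HOST:String = "https://uploads.example.net/";

        // Before: the upload is served from the application's own domain, so
        // Flash Player places it in the same security sandbox as this SWF.
        public function loadSameOrigin(fileName:String):void {
            start("/uploads/" + encodeURIComponent(fileName), null);
        }

        // After: the upload comes from another domain and this SWF never calls
        // Security.allowDomain() for it, so the two stay in separate sandboxes.
        public function loadIsolated(fileName:String):void {
            var ctx:LoaderContext = new LoaderContext(
                false,                    // do not fetch a policy file
                new ApplicationDomain(),  // no shared class definitions
                null);                    // never SecurityDomain.currentDomain
            start(UPLOAD_HOST + encodeURIComponent(fileName), ctx);
        }

        private function start(url:String, ctx:LoaderContext):void {
            var loader:Loader = new Loader();
            loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, onFail);
            loader.contentLoaderInfo.addEventListener(
                SecurityErrorEvent.SECURITY_ERROR, onFail);
            loader.load(new URLRequest(url), ctx);
            // Add the Loader itself; reading loader.content of a SWF in another
            // sandbox throws SecurityError.
            addChild(loader);
        }

        private function onFail(e:Event):void {
            trace("graphic rejected: " + e.type);
        }
    }
}
```

The isolation holds only if the uploaded file is never reachable under the application's own domain as well.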