This content has been marked as final. Show 3 replies
The allowed characters are A-Za-z0-9:-=
Encoding other values is a reasonable approach, but you'll have to pick an encoding scheme that restricts itself to this character set.
Is there a reason it is so restrictive? You can't even pass a URL to your application as-is. Could you at least add "+" and "/" so Base-64 will work?
Yes; it's a security restriction. Browser invocation require process creation, and many process creation APIs giving special meanings to certain characters. Letting those characters through has in the past been a source of security vulnerabilities. While we also try to avoid using APIs with this behavior, extra layers of defense are also good.
I think + and / may actually be safe choices; you make a good point that they're useful for Base64. If you could submit a feature request at www.adobe.com/go/wish, we'll definitely consider it.
Another option, btw, is to use the LocalConnection API to pass data between the web page and your application once your app is launched. LocalConnection has fewer restrictions on the data passed.