So, this is the thing:
I ask users for a URL pointing to an image (complete http
so that I store it and display later it in a flash holder (using
the movieclip loader class);
If the user inputs a URL that points to a malicious swf file
(instead of an image) that has a simple getURL redirection to his
website the moviecliploader will load his swf and then the
actionscript will take the user viewing pictures to the malicious
Is there a way to prevent this? Is there a way to load an swf
dynamically yet forbid its actionscript to run?
With the cross domain policy I can prevent the swf from
accesing my loading movie's timeline and variables, yet the simple
getURL works opening a pop up of the malicious website.
Hey dude, thanks for the quick reply.
Yeah I knew that would be the correct way to do it, but I was
actually looking for an easy way out forbbiding actionscript
Just right now I solved this by adding an extension look up
in the server side script before storing the input into the
database, rather than doing it in the actual flash file; this way
I'm always sure flash displays only images.
By the way kglad you never answered my last email.