Skip to content
/ FilterFlashVars Public

Flash loaderInfo.parameters: filter parameters passed via flashVars from parameters passed via URL query

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

im-saxo/FilterFlashVars

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
bin
bin
 
 
sources
sources
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

In Flash, flash.display.LoaderInfo.parameters is used to get some initial data on flash load, for example, the name of JS callback function to interact with.

The two sources of parameters are: the query string in the URL of the main SWF file, and the value of the FlashVars HTML parameter (this affects only the main SWF file).

The problem is that a bad person can inject ome JavaScript code via swf url, for example: https://soroush.secproject.com/blog/2011/03/flash-externalinterface-call-javascript-injection-%E2%80%93-can-make-the-websites-vulnerable-to-xss/

Usage: link FilterFlashVarsLibrary.swc library from bin folder and use itsfilterFlashVars method.

See the demo

About

Flash loaderInfo.parameters: filter parameters passed via flashVars from parameters passed via URL query

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages