Comments on: An ActionScript interpreter, courtesy of JavaScript and Apollo http://joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/ Just another WordPress weblog Fri, 13 Aug 2010 18:04:58 -0400 http://wordpress.org/?v=2.8.5 hourly 1 By: joe http://joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/comment-page-1/#comment-117 joe Mon, 18 Jun 2007 20:51:28 +0000 http://www.joeberkovitz.com/blog/?p=42#comment-117 Things look good. On the remote scripting problem: the answer is that HTML windows have their own domain-specific security sandbox, much like a remotely loaded SWF. The capabilities granted to the script in an HTML window are exactly those that would be granted to a SWF loaded from the same domain as the HTML page. In the absence of any crossdomain privileges, these capabilities are null -- a generic remote page's Javascript cannot access information in the parent app, nor use the Apollo runtime APIs. Things look good. On the remote scripting problem: the answer is that HTML windows have their own domain-specific security sandbox, much like a remotely loaded SWF. The capabilities granted to the script in an HTML window are exactly those that would be granted to a SWF loaded from the same domain as the HTML page. In the absence of any crossdomain privileges, these capabilities are null — a generic remote page’s Javascript cannot access information in the parent app, nor use the Apollo runtime APIs.

]]> By: joe http://joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/comment-page-1/#comment-116 joe Mon, 18 Jun 2007 13:22:52 +0000 http://www.joeberkovitz.com/blog/?p=42#comment-116 Stephen -- That's a very good point, which I'll try to check out.... Stephen — That’s a very good point, which I’ll try to check out….

]]> By: Stephen Beattie http://joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/comment-page-1/#comment-115 Stephen Beattie Sun, 17 Jun 2007 17:17:14 +0000 http://www.joeberkovitz.com/blog/?p=42#comment-115 Gulp! - This sounds dangerous - there's surely some remote scripting badness here. I can imagine someone creating a web page with a piece of javascript that loops through all the available variables in the Apollo app and posts them back to a remote server. If usernames, passwords etc are stored in shared objects or as temporary variables inside flash then they're at risk using this technique. Hopefully Adobe's thought of this.... Gulp! – This sounds dangerous – there’s surely some remote scripting badness here.

I can imagine someone creating a web page with a piece of javascript that loops through all the available variables in the Apollo app and posts them back to a remote server. If usernames, passwords etc are stored in shared objects or as temporary variables inside flash then they’re at risk using this technique.

Hopefully Adobe’s thought of this….

]]>