Ticket #40 (closed 需求: 已处理)

Opened 14 years ago

Last modified 12 years ago

UBB解析对Flash做限制

Reported by: lifeng Owned by: lifeng
Priority: 重要的(3) Milestone:
Component: UBB编辑器 Version:
Keywords: flash ubb Cc: qinhongyuan, wanganning, chenyang, kuangjuhuan, dingjianyong
Due Date: 27/08/2012

Description (last modified by lifeng) (diff)

有网友在Flash中进行页面跳转,以至于访问帖子页面会自动跳转到其他页面。现在需要在UBB解析中做一些处理:

1.UBB输出Flash时,将 allowNetworking 设置为"internal"。一些跟跳转相关的 API 将被禁止:
navigateToURL();
fscommand();
ExternalInterface:call();

2.对[flash][/flash]标签中内容做过滤,防止可执行代码生效。
例如:

[flash][url=http://my.pcbaby.com.cn]my.pcbaby.com.cn[/url]"></embed></object><embed src='http://www.xici.net/d172003023.0/8.swf?a=http://www.baohng.cn/c.php?yisiq=1' AllowScriptAccess='always'></embed><embed [/flash]

Change History

comment:1 Changed 14 years ago by lifeng

  • Description modified (diff)

comment:2 Changed 12 years ago by lifeng

  • Status changed from new to closed
  • Resolution set to 已处理
Note: See TracTickets for help on using tickets.