![(please configure the [header_logo] section in trac.ini)](http://www1.pconline.com.cn/hr/2009/global/images/logo.gif){kind=logo}
Ticket #40 (new 需求) — at Version 1
UBB解析对Flash做限制
| Reported by: | lifeng | Owned by: | lifeng |
|---|---|---|---|
| Priority: | 重要的(3) | Milestone: | |
| Component: | UBB编辑器 | Version: | |
| Keywords: | flash ubb | Cc: | qinhongyuan, wanganning, chenyang, kuangjuhuan, dingjianyong |
| Due Date: | 27/08/2012 |
Description (last modified by lifeng) (diff)
有网友在Flash中进行页面跳转,以至于访问帖子页面会自动跳转到其他页面。现在需要在UBB解析中做一些处理:
1.UBB输出Flash时,将 allowNetworking 设置为"internal"。一些跟跳转相关的 API 将被禁止:
navigateToURL();
fscommand();
ExternalInterface:call();
2.对[flash][/flash]标签中内容做过滤,防止可执行代码生效。
例如:
[flash][url=http://my.pcbaby.com.cn]my.pcbaby.com.cn[/url]"></embed></object><embed src='http://www.xici.net/d172003023.0/8.swf?a=http://www.baohng.cn/c.php?yisiq=1' AllowScriptAccess='always'></embed><embed [/flash]
Note: See
TracTickets for help on using
tickets.
