Comments on: An ActionScript interpreter, courtesy of JavaScript and Apollo http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/ Just another WordPress weblog Fri, 22 Aug 2008 02:43:52 +0000 http://wordpress.org/?v=2.3.3 By: joe http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1995 joe Mon, 18 Jun 2007 20:51:28 +0000 http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1995 Things look good. On the remote scripting problem: the answer is that HTML windows have their own domain-specific security sandbox, much like a remotely loaded SWF. The capabilities granted to the script in an HTML window are exactly those that would be granted to a SWF loaded from the same domain as the HTML page. In the absence of any crossdomain privileges, these capabilities are null -- a generic remote page's Javascript cannot access information in the parent app, nor use the Apollo runtime APIs. Things look good. On the remote scripting problem: the answer is that HTML windows have their own domain-specific security sandbox, much like a remotely loaded SWF. The capabilities granted to the script in an HTML window are exactly those that would be granted to a SWF loaded from the same domain as the HTML page. In the absence of any crossdomain privileges, these capabilities are null — a generic remote page’s Javascript cannot access information in the parent app, nor use the Apollo runtime APIs.

]]> By: joe http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1994 joe Mon, 18 Jun 2007 13:22:52 +0000 http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1994 Stephen -- That's a very good point, which I'll try to check out.... Stephen — That’s a very good point, which I’ll try to check out….

]]> By: Stephen Beattie http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1993 Stephen Beattie Sun, 17 Jun 2007 17:17:14 +0000 http://www.joeberkovitz.com/blog/2007/04/12/an-actionscript-interpreter-courtesy-of-javascript-and-apollo/#comment-1993 Gulp! - This sounds dangerous - there's surely some remote scripting badness here. I can imagine someone creating a web page with a piece of javascript that loops through all the available variables in the Apollo app and posts them back to a remote server. If usernames, passwords etc are stored in shared objects or as temporary variables inside flash then they're at risk using this technique. Hopefully Adobe's thought of this.... Gulp! - This sounds dangerous - there’s surely some remote scripting badness here.

I can imagine someone creating a web page with a piece of javascript that loops through all the available variables in the Apollo app and posts them back to a remote server. If usernames, passwords etc are stored in shared objects or as temporary variables inside flash then they’re at risk using this technique.

Hopefully Adobe’s thought of this….

]]>