2008-09-27, 02:23 AM
Is there a way to embed a flash swf in a signature without going to the database and entering it manually? With html tags turned off
Ok I figured out how to make this work. I added a myCode for flash without compromising XSS vulnerabilities
I added the regular expression:
But I made a few adjustments to the replacement:
That way if a user tries to embed a flash file, it must reside inside the images folder on the server
Is this safe? Anyone see any security problems later?
Ok I figured out how to make this work. I added a myCode for flash without compromising XSS vulnerabilities
I added the regular expression:
\[flash\](.*?)\[/flash\]
But I made a few adjustments to the replacement:
<object width="200" height="100">
<param name="movie" value="http://www.resonantsolution.com/images/$1">
<embed src="http://www.resonantsolution.com/images/$1" width="200" height="100">
</embed>
</object>
That way if a user tries to embed a flash file, it must reside inside the images folder on the server
Is this safe? Anyone see any security problems later?