I want to allow my users to embed their own flash animations in their posts. Usually the actual file is hosted on some kind of free image hosting site. I would not load flash memory if the user did not press the button to play (so that nothing happens when the page loads). I know that people can do something really annoying shit in the flash, but I canβt find any information about the potential serious damage that the flash application could cause to the viewer.
Is it insecure to embed only any flash file from the Internet? If so, how can I allow users to embed innocent animations, but still not use malicious applications?
edit:
From what I can collect, the most obvious threat to actionscript is to redirect to a malicious site.
Adobe says you can set allowScriptAccess = never and allowNetworking = none and swf should not have any access to anything outside of itself. Will this solve all my problems?
dsims source
share