|
From: | Sandro Santilli |
Subject: | [Gnash-commit] [bug #31833] URL encode/decode with Gnash Standalone |
Date: | Wed, 27 Jun 2012 14:06:04 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1 |
Update of bug #31833 (project gnash): Category: None => core Status: None => Confirmed _______________________________________________________ Follow-up Comment #4: The reason why we're encoding is to prevent malicious SWF from exploiting your URLOpener directive to run arbitrary shell commands. Chances are we could get away by simply providing a quoted URL, escaping the quote character and the escape character and assume your URLOpener command understands backslash-quoting. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?31833> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |