The title may be a bit of a misnomer, because Macromedia Flex lives on the server, while cross-site scripting exploits would occur on the client machines. This seems a sub-class of general security in the Macromedia Flash Player rather than the development environment, true...?
Here's general background info on security and privacy in the Macromedia Flash Player: http://www.macromedia.com/devnet/flashplayer/ ... and here's background on recent security issues in the Macromedia Flash Player: http://www.macromedia.com/devnet/security/security_zone/#flashplayer As I understand the post, you're concerned about the possibility of a command injection into a textfield of a SWF application. (I could be wrong, but it sounded to me more like a script-injection issue than a cross-site scripting issue.) Have you been able to see this happen yet? have you typed "fscommand:()" into a textfield in a particular component to pop up an alert or such? If there's a recipe that could be reproduced in-house then we can work on it. Or is it more a general curiosity, about whether there might be a way that such a thing is possible....? tx, jd -- John Dowdell . Macromedia Developer Support . San Francisco CA USA Weblog: http://www.macromedia.com/go/blog_jd Aggregator: http://www.macromedia.com/go/weblogs Technotes: http://www.macromedia.com/support/ Spam killed my private email -- public record is best, thanks. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/