I use this template here for my html template... under 3.3 sdk is this still affected?
SWFObject flex template http://www.robgonda.com/blog/index.cfm/2008/7/15/SWF-Object-21-Flex-Template --- In [email protected], Jim Cheng <li...@...> wrote: > > If you do hang back with 3.3 _AND_ are using Flex Builder's > automatically generated HTML wrapper, you should be aware that there was > a bug discovered in the express-install template files that can expose > you to a cross-site-scripting (XSS) attack. Adobe fixed this in 3.4, > but with that revision, also introduced the nasty bug with HTTPService > responders getting called twice. > > If you are using the vanilla express-install templates to generate HTML > for you, you might want to patch your 3.3 SDK while you wait for 3.5. > > Here's the relevant links: > > http://www.adobe.com/support/security/bulletins/apsb09-13.html > > http://kb2.adobe.com/cps/495/cpsid_49530.html > > Hope this helps, > > Jim Cheng > EffectiveUI > > Jake Churchill wrote: > > > > > > Thanks for the info. I was just upgrading to stay current, no particular > > reason so I'll hang back on 3.3 for a while until 3.5 is released. >
