Hacker News new | comments | show | ask | jobs | submit login

There are some noteworthy security problems with Flash in principle.

If website.com embeds a flash file from flash.example, it will run in the context of flash.example, the embedee. If website.com embeds JavaScript from js.example, the code will run in the context of website.com, the embedder.

This will and has caused problems with interoperability in so far, as I'd call it an ugly and dangerous wart.

See web security literature like "The Tangled Web" (or https://code.google.com/archive/p/browsersec/wikis/Part2.wik...) for more.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: