[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] default load policy in gnashrc

From: Rob Savoye
Subject: Re: [Gnash-dev] default load policy in gnashrc
Date: Mon, 20 Nov 2006 07:43:28 -0700
User-agent: Thunderbird (X11/20061107)

strk wrote:

> If you *do* have both 'whitelist' and 'blacklist', the
> blacklist won't be used.

 Both should get used, in addition to the "localdomain()" value.  If a
file that is to be loaded isn't in the whitelist or blacklist, then the
value of localdomain (the only real security setting for Flash) is used
to determine if it should be loaded or not.

  For sites in the whitelist, localdomain should be ignored, and the
content loaded anyway. For any sites in the blacklist, that content is
never loaded, regardless of the value of localdomain.

> So, rationale is:
>       - use 'whitelist' if you want to DENY by default
>       - use 'blacklist' if you want to ACCEPT by default

  This is reversed. A Blacklist denys access, and a whitelist allows it.

        - rob -

reply via email to

[Prev in Thread] Current Thread [Next in Thread]