We have a flash file that sends a variable to itself from the embed tag.
This variable is a path which (inside of the swf) is interpreted as a
hyperlink, making the entire swf one big link to the root of the
site... like so.
<OBJECT CLASSID="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
CODEBASE="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="213" HEIGHT="79" ID="logo" ALIGN="middle">
<PARAM NAME="allowScriptAccess" VALUE="sameDomain" />
<PARAM NAME="movie"
VALUE="https://www.financialaid.com/rateyourcampus/swf/logo.swf?urlvar=http://www.rateyourcampus.com" />
<PARAM NAME="quality" VALUE="high" />
<PARAM NAME="bgcolor" VALUE="#ffffff" />
<EMBED
SRC="https://www.financialaid.com/rateyourcampus/swf/logo.swf?urlvar=http://www.rateyourcampus.com"
QUALITY="high" BGCOLOR="#ffffff" WIDTH="213" HEIGHT="79"
NAME="logo" ALIGN="middle" ALLOWSCRIPTACCESS="sameDomain"
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="https://www.macromedia.com/go/getflashplayer"
/>
</OBJECT>
However, this fails to work since Pound went active. My thoughts are
that the http sanitizer is "cleaning up" the second instance of http://
in the variable string and thus preventing it from actually loading the
variable in the swf. I'm probably (as I usually am :-) ) wrong. Does
anyone have any experience with this behavior? Obviously, we could
remove the http:// from the variable and still effectively pass the
functionality, but I'd like not to have to burden our developers with
more policies to adhere to given the impending doom of the embed object
as it were... Play around with the EMBED SRC and see what works and what
doesn't, you'll see what I'm talking about...
Thanks once again,
Joel Johnston - Network Engineer / Web Developer
402 W. Broadway, Suite 770
San Diego, CA 92101
Phone: 888-868-1391 Ext.8024
E-mail: j.johnston(at)financialaid.com