[Xerte] Xerte and Flash security
Paul Swanson
Paul.Swanson at harlandfs.com
Wed Oct 13 17:47:34 BST 2010
According to "XML for the World Wide Web" by Elizabeth Castro, hyphens
can be used in element names, but element names cannot begin with them.
Element names must begin with a letter, an underscore, or a colon; and
cannot begin with the letters x, m and l in either upper or lowercase.
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: Wednesday, October 13, 2010 9:30 AM
To: Xerte list
Subject: RE: [Xerte] Xerte and Flash security
Pat, see my post about having been down this road.
All this thrashing about is due to the fluky chance that a client sent
me some XML to test with a hyphen in an element tag.
Hyphens are perfectly XML legal AFAIK.
I kept getting NaN back when I tried to access via dot notation anything
within that tag set.
Now the easy answer is of course, change the tag. But when you do
dynamic engines and don't know in the long run what someone might try to
run through there, it can't be considered best practice ;-)
So I thought, OK, maybe the XML has to come URL encoded, and using
FileLocation doesn't give me that.
So I tried to serve the XML off my server, and now I've run into the
sendAndLoad vs Loadvars problem.
Anyway, I tested in a dummy file using Loadvars to the XML on my server,
and elements with a hyphen still return NaN when access is attempted.
________________________________
From: Patrick.Lockley at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk
Date: Wed, 13 Oct 2010 17:15:14 +0100
Subject: RE: [Xerte] Xerte and Flash security
Think xerte desktop still uses IE to get to the internet?
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 13 October 2010 16:50
To: Xerte list
Subject: RE: [Xerte] Xerte and Flash security
Thought that only operated on a browser.
I'm in Xerte desktop.
________________________________
From: Patrick.Lockley at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk
Date: Wed, 13 Oct 2010 16:46:44 +0100
Subject: RE: [Xerte] Xerte and Flash security
Check with fiddler?
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 13 October 2010 16:46
To: Xerte list
Subject: RE: [Xerte] Xerte and Flash security
"ctrls.sendAndLoad(myReq, 'http://www.myserver.com/dave/some.xml'); // just sits at event trap"
________________________________
From: Patrick.Lockley at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk
Date: Wed, 13 Oct 2010 16:41:49 +0100
Subject: RE: [Xerte] Xerte and Flash security
Using the full domain in the http:// request?
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 13 October 2010 16:39
To: Xerte list
Subject: RE: [Xerte] Xerte and Flash security
Only works on domains I think.
Never seen a local file system specified in one.
________________________________
From: Patrick.Lockley at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk
Date: Wed, 13 Oct 2010 16:32:23 +0100
Subject: RE: [Xerte] Xerte and Flash security
Crossdomain?
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 13 October 2010 16:32
To: Xerte list
Subject: [Xerte] Xerte and Flash security
If while I am developing a bit and I want to load some XML from my
server, what's the trick?
ctrls.sendAndLoad(myReq, FileLocation + 'some.xml'); // trips onLoad event
ctrls.sendAndLoad(myReq, 'http://www.myserver.com/dave/some.xml'); // just sits at event trap
Dave
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system: you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
_______________________________________________ Xerte mailing list
Xerte at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte
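Added example, not part of the original thread and not Xerte code: the NaN symptom and the element-name rules discussed above, shown in JavaScript as a stand-in for ActionScript (both are ECMAScript dialects). It assumes the dot-notation path is evaluated as an ordinary expression, so a hyphen is read as a minus sign; the `doc` object, `classifyElementName` and `safeChild` are hypothetical names, and the name check covers only the ASCII subset of the XML 1.0 Name rule, under which names starting with the string "xml" in any letter case are reserved.

```javascript
// Added example (not from the thread). ASCII subset of the XML 1.0 Name
// production; the full rule also admits many non-ASCII letters.
const XML_NAME_ASCII = /^[A-Za-z_:][A-Za-z0-9_:.\-]*$/;

// Classify an element name coming from an untrusted document:
// "invalid" (not a legal Name), "reserved" (starts with "xml"), or "ok".
function classifyElementName(name) {
  if (typeof name !== "string" || !XML_NAME_ASCII.test(name)) return "invalid";
  if (/^xml/i.test(name)) return "reserved";
  return "ok";
}

// Constructed stand-in for a parsed document: element names become keys.
const doc = { order: { "line-item": 42, total: 7 } };

// Dot notation: `d.order.line-item` is tokenised as (d.order.line) - item.
// d.order.line is undefined, and undefined minus a number is NaN.
function dotAccess(d) {
  const item = 1; // any variable that happens to be called `item`
  return d.order.line-item;
}

// Bracket notation treats the whole name as a single key, so a legal
// hyphenated element name resolves. Illegal names are rejected up front
// and only the node's own keys are consulted.
function safeChild(node, name) {
  if (classifyElementName(name) === "invalid") {
    throw new RangeError("not a legal XML element name: " + String(name));
  }
  return Object.prototype.hasOwnProperty.call(node, name)
    ? node[name]
    : undefined;
}

console.log(dotAccess(doc));                    // the symptom from the thread
console.log(safeChild(doc.order, "line-item")); // the hyphenated element's value
```
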