Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
XSS security fix for SWFUPload v2.2.x
// before
this.movieName = root.loaderInfo.parameters.movieName;
// after
this.movieName = root.loaderInfo.parameters.movieName.replace(/[^\w\.-]/g, '');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment