Extension talk:Flashlets

Hm... I'm not sure how far ActionScript can access the surrounding website... is it possible to read the user's session cookie? Is it possible to load images etc from a different server? If the answer to both is yes, this extension is an invitation for Cross Site Scripting attacks. If only one of those is possible, it's not all that bad, but still worrying.

Please check and see... -- Duesentrieb ⇌ 12:02, 1 April 2007 (UTC)