Manual:$wgMangleFlashPolicy

From MediaWiki.org

Output: $wgMangleFlashPolicy
Whether to mangle any <cross-domain-policy> (Adobe cross-domain policy) tags, to prevent XSS attacks.
Introduced in version: 1.23.7 (git #92f22cd4)
Removed in version: still in use
Allowed values: (boolean)
Default value: true

Details

When this is set to true, any occurrences of <cross-domain-policy> in sanitised output will be altered to <NOT-cross-domain-policy>. Without this, an attacker can potentially supply their own Adobe cross-domain policy, unless the crossdomain.xml file at the domain root prevents it.

You should only set this to false if you have a crossdomain.xml file in the root of your website (e.g. http://example.com/crossdomain.xml).
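
The renaming described above, together with a check you can run over captured response bodies to confirm that no live policy tag is served, is shown here as an added example; it is not MediaWiki's own code. The regular expression, the function names and the sample response are assumptions made for illustration.

```python
import re

# Assumption (not MediaWiki's own pattern): match the opening tag
# case-insensitively, tolerate whitespace after "<", and require whitespace
# or ">" after the name so "<cross-domain-policy-x>" is left alone.
POLICY_TAG = re.compile(r"<(\s*)(cross-domain-policy(?=[\s>]))", re.IGNORECASE)


def mangle_flash_policy(output: str) -> str:
    """Rename each opening policy tag to <NOT-cross-domain-policy>."""
    return POLICY_TAG.sub(r"<\1NOT-\2", output)


def find_live_policy_tags(output: str) -> list[int]:
    """Return the offsets of policy tags that would be served unaltered."""
    return [m.start() for m in POLICY_TAG.finditer(output)]


# Constructed sample: user-controlled text echoed back in a response body.
SAMPLE_OUTPUT = (
    '{"title": "Sandbox", "text": "intro '
    "<cross-domain-policy></cross-domain-policy>"
    ' and < Cross-Domain-Policy > again"}'
)

if __name__ == "__main__":
    print("live tags before:", find_live_policy_tags(SAMPLE_OUTPUT))
    mangled = mangle_flash_policy(SAMPLE_OUTPUT)
    print("live tags after: ", find_live_policy_tags(mangled))
    print(mangled)
```

A non-empty result from `find_live_policy_tags` on a real response means the tag reached the client unaltered, which is what to look for after setting the option to false.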