|Whether to mangle any
|Introduced in version:||1.23.7 (Gerrit change 174289; git #92f22cd4)|
|Removed in version:||still in use|
|Other settings: Alphabetical | By function|
When this is set to true, any occurrences of
<cross-domain-policy> in sanitised output will be altered to
<NOT-cross-domain-policy>. Without this, an attacker can potentially send their own Adobe cross-domain policy unless it is prevented by the crossdomain.xml file at the domain root.
You should only set this to false if you have a crossdomain.xml file in the root of your website (e.g. http://example.com/crossdomain.xml).