I’m using LoadMovie to load SWF files.
I control the embedded player, but the loadMovie’d SWFs are arbitrary SWF files uploaded to my servers.
This embedded player may be viewed on my website, or on other sites. It of course loads arbitrary SWFs (potentially “mean”), which are stored on my server.
Crossdomain.xml is set to allow all domains.
I’m not terribly concerned about the SWF files doing “goofy” things, but I don’t want them to be able to access the cookie file for a user and send it to someone else.
How can I protect myself?
