I had made it for a client to enable to see trace output from Flash instead of having to have a debug Flash player installed and tailing the flashlog.txt file when they wanted to diagnose any issues they might be seeing with the player, specifically for live RTMP streams which can be a bit more involved to debug due to all the extra variables that go into a live stream versus an on demand or canned file.
Jplayer download link code#
Sorry that this code caused problems for anyone - it was indeed leftover code that allowed the jplayer.swf to connect locally with a local Adobe AIR app that could run and float in front of all windows and catch all the trace statements in realtime. Please start a new thread for support requests. The development log of jPlayer 2.4.0 will continue in this thread. This thread continues on from the previous development log for jPlayer 2.3.0, found here: JPlayer is now listed in the official jQuery plugins: The jPlayer GitHub repo has had a v2.4 branch created.
The jQuery parameter is restricted to strings containing jQuery. All url parameters are checked with a character whitelist. Direct access is detected and blocks any event generation. After discussion with security pros, it is now strongly believed that the Jplayer.swf file is secure. In 2.4.0 we have closed the hole for now and any future changes in the JavaScript and DOM language. Remember to delete any old copies of the Jplayer.swfįile you might have on your site to eliminate the vulnerability.īasically, the 2.3.0 XSS enabled the SWF to generate a confirm or prompt popup from your site, but it was benign.
:max_bytes(150000):strip_icc()/youtube-570832285f9b581408f5ef88.jpg "jplayer download link")
Jplayer download link update#
Is recommended that you update to this version to remove a minor vulnerability with the Flash SWF that enabled Cross Site Scripting (XSS) Simply add the new and Jplayer.swf files to your site. The release notes for the changes from the previous release are here:
0 kommentar(er)
