Manual:$wgMangleFlashPolicy/es

From Linux Web Expert

<translate> Output</translate>: $wgMangleFlashPolicy
Whether to mangle any <cross-domain-policy> (Adobe cross-domain policy) tags, to prevent XSS attacks.
<translate> Introduced in version:</translate>1.23.7 (Gerrit change 174289; git #92f22cd4)
<translate> Deprecated in version:</translate>1.39.0 (Gerrit change 815827; git #51ddd706)
<translate> Removed in version:</translate>1.40.0 (Gerrit change 838769; git #bb10b7d5)
<translate> Allowed values:</translate>(booleano)
<translate> Default value:</translate>true

Detalles

When this is set to true, any occurrences of <cross-domain-policy> in sanitised output will be altered to <NOT-cross-domain-policy>. Without this, an attacker can potentially send their own Adobe cross-domain policy unless it is prevented by the crossdomain.xml file at the domain root.

You should only set this to false if you have a crossdomain.xml file in the root of your website (e.g. http://example.com/crossdomain.xml).