Publishing for website delivery and a security rejection

I'm interested to know about a security issue we're having with publishing to our public website.  I need to deploy a learning module (and many more to come) to our website and so I've published the Storyline file for that purpose.  Prior to going live with the delivery our company did a security sweep of the contents and discovered a line of code that may allow any domain to inject a script into the hosting (our) web page.  Not good.  The code is in the story.js file.  Here's that line of code:

strHtml += "<param name='AllowScriptAccess' value='always'>";

The suggestion is to change the 'always' to 'sameDomain'. 

The big question is:  Will this work?

Second big question:  is there another way to publish ARticulate Storyline files without having to modify the js file?

1 Reply