Publishing for website delivery and a security rejection
Feb 06, 2014
I'm interested to know about a security issue we're having with publishing to our public website. I need to deploy a learning module (and many more to come) to our website and so I've published the Storyline file for that purpose. Prior to going live with the delivery our company did a security sweep of the contents and discovered a line of code that may allow any domain to inject a script into the hosting (our) web page. Not good. The code is in the story.js file. Here's that line of code:
strHtml += "<param name='AllowScriptAccess' value='always'>";
The suggestion is to change the 'always' to 'sameDomain'.
The big question is: Will this work?
Second big question: is there another way to publish ARticulate Storyline files without having to modify the js file?
1 Reply
Hi Chris,
I haven't heard of other users having an issue with this code before, and unfortunately we're unable to support modifying the published output. I hope that if someone in the community has had to do similar, they're able to share the advice here with you.
This discussion is closed. You can start a new discussion or contact Articulate Support.