Publishing for website delivery and a security rejection
I'm interested to know about a security issue we're having with publishing to our public website. I need to deploy a learning module (and many more to come) to our website and so I've published the Storyline file for that purpose. Prior to going live with the delivery our company did a security sweep of the contents and discovered a line of code that may allow any domain to inject a script into the hosting (our) web page. Not good. The code is in the story.js file. Here's that line of code:
strHtml += "<param name='AllowScriptAccess' value='always'>";
The suggestion is to change the 'always' to 'sameDomain'.
The big question is: Will this work?
Second big question: is there another way to publish ARticulate Storyline files without having to modify the js file?