You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Google Caja Discuss
## Background
Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding Flash content. To do this, Caja has to specify options to prohibit the Flash content from being able to interact with the host page, bypassing the sandbox. A means was found to override this option.
## Impact and Advice
Given that ES5/3 mode is already deprecated, and the state of Flash on the web, we have decided to resolve this by removing all remaining support for Flash in Caja.
Users should upgrade to Caja v6013 https://github.com/google/caja/releases/tag/v6013 or later, or if this is not immediately feasible, remove the `flash` option from their Caja configuration if it is present. If your application is not explicitly using the deprecated ES5/3 mode, this should not have any functional effect.