Security Error on new CITT chapters

Go down

Security Error on new CITT chapters

Post  Matapasiones on Thu Oct 17, 2013 11:23 am

Hello, I read CITT and i'm very grateful for all your hard work. I'm studying computer sciences and I had to install Flash Player with the debugger. When I did that all new CITT chapters (those done with flash) would throw some Security Error. Here is one example:


SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller cannot access
 at flash.external::ExternalInterface$/_initJS()
 at flash.external::ExternalInterface$/call()
 at params_fla::MainTimeline/frame1()

I'm using the bookmark method, and this error shows once for each image loaded (25-30 for each chapter). The overlays still load, though.
To all users that use the normal flash player this error probably doesn't even appear, but it may cause some kind of problem in the future, so the people working on the server and plugin they may as well be checking this just in case.

Thanks again for all your work, I'm fascinated by the overlay idea to read webcomics in the original sites, so this is some little warning as return for your services.

A quick search on google:


Posts : 1
Join date : 2013-10-17

View user profile

Back to top Go down

Re: Security Error on new CITT chapters

Post  Doonge on Thu Oct 17, 2013 12:34 pm

Thank you for your input.

Since you're studying computer sciences, here's a follow-up:

In the near future, the flash loader will disappear because it's badly supported (for instance, and even though I don't like much Apple, flash isn't supported by iOS broadly). Even if it was broadly supported, it's really overkill and a security risk for the users anyway, because flash has a different set of rights than javascript (which should be sufficient for the scope of the application).

From what I understand on this article, I need to switch the allowscriptaccess parameter to 'always' (it is currently at sameDomain, which should be sufficient).
So, I understand there's a sandbox error, but it is kinda meant to be: the flash container is not meant to interact at all with

The current implementation I have uses the canvas element from html5, instead of flash.
The aim of flash was to be able to
- crypt data, and make it difficult to access the crypt function (since it's client-decoded).
- make it difficult to right-click and download the overlays (it is not possible within flash).

But it is overkill, roughly the same benefits can be achieved through canvas by
- slicing in a special mozaic the overlay (with overlap, which makes it annoying to compute back without a great control).
- overlay again with a transparent image (just for right-clickers).
- load crypted data in arraybuffer through xmlHTTPRequest2. The crypt function is visible in the javascript source, but it's okay I suppose.

What's lost is the inherent protection of flash (you need a decompiler that anyone can download anyway, but I suppose fewer people can toy with batch programs). So instead of knowing javascript and flash, you'll just need to know javascript if you really want to recompile programatically the overlays to distribute them elsewhere.
I'll see if this happens, if it does I see no point in using flash anyway, it means there's a programmer willing to do this, no point in fighting, we'll just stop the translation.

Not to mention, if we are allowed to work "for", meaning they host our work, then we are no longer responsible of such matters.

Best regards.

Posts : 774
Join date : 2012-01-18

View user profile

Back to top Go down

Back to top

Permissions in this forum:
You cannot reply to topics in this forum