Hey Guys!
I am a complete noob with JavaScript and I need some suggestions if possible...
I have a swf file loading from html but I am using the following javascript script:

  '<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"\n'+
   ' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"\n'+
   ' WIDTH="800" HEIGHT="675" id="MBid">\n'+
   ' <PARAM NAME=movie VALUE="MBid.swf'+document.location.search+'">\n'+
   ' <PARAM NAME=quality VALUE=high>\n'+
   ' <PARAM NAME=bgcolor VALUE=#FFFFFF>\n'+
   ' <PARAM NAME=wmode VALUE=Opaque>\n'+
   ' <EMBED src="MBid.swf'+document.location.search+'"\n'+ 
   '  quality=high bgcolor=#FFFFFF wmode=transparent WIDTH="800" HEIGHT="675" NAME="MBid"\n'+
   '  TYPE="application/x-shockwave-flash"\n'+
   '  PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>\n'+
I am worried about the document.location.search that I use for sending a string variable to flash...
Someone can perform a "flash parameter injection" right?
How would I go to perform some kind of Sanitation inside the javascript code? (expecting only letters a-z and numbers 0-9)
Any ideas?
Thanks a lot in advance!!!