...even if the website doesn't serve Flash.
http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html
The important quote seems to be: "For website owners, all user-supplied content should be served from a completely separate domain." Different host doesn't count - needs to be different DOMAIN.
From what I can see, HardOCP seems to have all upload features (avatars and profile pictures) turned off, at least from what I can find in my User CP.
http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html
The important quote seems to be: "For website owners, all user-supplied content should be served from a completely separate domain." Different host doesn't count - needs to be different DOMAIN.
From what I can see, HardOCP seems to have all upload features (avatars and profile pictures) turned off, at least from what I can find in my User CP.