diff --git a/code/ryzom/client/src/client_cfg.cpp b/code/ryzom/client/src/client_cfg.cpp
--- a/code/ryzom/client/src/client_cfg.cpp
+++ b/code/ryzom/client/src/client_cfg.cpp
@@ -426,8 +426,13 @@
 	PatchUrl = "";
 	PatchVersion = "";
 	PatchServer = "";
-	RingReleaseNotePath = "http://atys.ryzom.com/releasenotes_ring/index.php";
-	ReleaseNotePath = "http://atys.ryzom.com/releasenotes/index.php";
+
+	WebIgMainDomain = "atys.ryzom.com";
+	WebIgTrustedDomains.push_back(WebIgMainDomain);
+
+	RingReleaseNotePath = "http://"+WebIgMainDomain+"/releasenotes_ring/index.php";
+	ReleaseNotePath = "http://"+WebIgMainDomain+"/releasenotes/index.php";
+
 
 	///////////////
 	// ANIMATION //
@@ -1040,6 +1045,11 @@
 	READ_STRING_DEV(ReleaseNotePath)
 	READ_STRING_FV(PatchServer)
 
+	////////////////////////
+	// WEBIG //
+	READ_STRING_DEV(WebIgMainDomain);
+	READ_STRINGVECTOR_FV(WebIgTrustedDomains);
+
 	///////////////
 	// ANIMATION //
 	// AnimatedAngleThreshold
diff --git a/code/ryzom/client/src/client_cfg.h b/code/ryzom/client/src/client_cfg.h
--- a/code/ryzom/client/src/client_cfg.h
+++ b/code/ryzom/client/src/client_cfg.h
@@ -292,6 +292,9 @@
 	std::string		RingReleaseNotePath;
 	std::string		ReleaseNotePath;
 
+	std::string		WebIgMainDomain;
+	std::vector<string>	WebIgTrustedDomains;
+
 
 	///////////////
 	// ANIMATION //
diff --git a/code/ryzom/client/src/interface_v3/action_handler_ui.cpp b/code/ryzom/client/src/interface_v3/action_handler_ui.cpp
--- a/code/ryzom/client/src/interface_v3/action_handler_ui.cpp
+++ b/code/ryzom/client/src/interface_v3/action_handler_ui.cpp
@@ -416,7 +416,7 @@
 					nlwarning("%s is not a group html", window.c_str());
 					return;
 				}
-				pGH->setURL("http://atys.ryzom.com/start/index.php?app="+webapp);
+				pGH->setURL("http://"+ClientCfg.WebIgMainDomain+"/start/index.php?app="+webapp);
 			}
 		}
 		else
diff --git a/code/ryzom/client/src/interface_v3/group_html.cpp b/code/ryzom/client/src/interface_v3/group_html.cpp
--- a/code/ryzom/client/src/interface_v3/group_html.cpp
+++ b/code/ryzom/client/src/interface_v3/group_html.cpp
@@ -62,7 +62,14 @@
 
 CGroupHTML *CGroupHTML::_ConnectingLock = NULL;
 extern CActionsContext ActionsContext;
 
+// Check if domain is on TrustedDomain
+bool CGroupHTML::isTrustedDomain(const string &domain) {
+	vector<string>::iterator it;
+	it = find (ClientCfg.WebIgTrustedDomains.begin(), ClientCfg.WebIgTrustedDomains.end(), domain);
+	return it != ClientCfg.WebIgTrustedDomains.end();
+}
+
 // Get an url and return the local filename with the path where the url image should be
 string CGroupHTML::localImageName(const string &url)
 {
@@ -215,6 +222,9 @@
 
 void CGroupHTML::initBnpDownload()
 {
+	if (!_TrustedDomain)
+		return;
+		
 #ifdef LOG_DL
 	nlwarning("Init Bnp Download");
 #endif
@@ -452,7 +496,7 @@
 //		for (i=0; i<(uint)len; i++)
 //			inputString[i] = buf[i];
 
-		if (_ParsingLua)
+		if (_ParsingLua && _TrustedDomain)
 		{
 			// we are parsing a lua script
 			_LuaScript += inputString;
@@ -515,7 +559,7 @@
 // ***************************************************************************
 
 void CGroupHTML::addLink (uint element_number, uint /* attribute_number */, HTChildAnchor *anchor, const BOOL *present, const char **value)
-{
+{
 	if (_Browsing)
 	{
 		if (element_number == HTML_A)
@@ -523,8 +567,8 @@
 			if (present[MY_HTML_A_HREF] && value[MY_HTML_A_HREF])
 			{
 				string suri = value[MY_HTML_A_HREF];
-				if(suri.find("ah:") == 0)
+				if(_TrustedDomain && suri.find("ah:") == 0)
 				{
 					// in ah: command we don't respect the uri standard so the HTAnchor_address doesn't work correctly
 					_Link.push_back (suri);
 				}
@@ -527,8 +571,8 @@
 				{
 					// in ah: command we don't respect the uri standard so the HTAnchor_address doesn't work correctly
 					_Link.push_back (suri);
 				}
-				else if (suri[0] == '#')
+				else if (_TrustedDomain && suri[0] == '#')
 				{
 					// Direct url (hack for lua beginElement)
 					_Link.push_back (suri.substr(1));	
@@ -820,9 +884,9 @@
 			_TextColor.push_back(LinkColor);
 			_GlobalColor.push_back(LinkColorGlobalColor);
 			_A.push_back(true);
 
 			// Quick help
-			if (present[MY_HTML_A_Z_ACTION_SHORTCUT] && value[MY_HTML_A_Z_ACTION_SHORTCUT])
+			if (_TrustedDomain && present[MY_HTML_A_Z_ACTION_SHORTCUT] && value[MY_HTML_A_Z_ACTION_SHORTCUT])
 			{
 				// Get the action category
 				string category;
@@ -833,7 +897,7 @@
 				string params;
 				if (present[MY_HTML_A_Z_ACTION_PARAMS] && value[MY_HTML_A_Z_ACTION_PARAMS])
 					params = value[MY_HTML_A_Z_ACTION_PARAMS];
-
+				
 				// Get the action descriptor
 				CActionsManager *actionManager = ActionsContext.getActionsManager (category);
 				if (actionManager)
@@ -1532,7 +1686,6 @@
 			_IgnoreText = false;
 			break;
 		case HTML_OBJECT:
-			if (_ObjectType=="application/ryzom-data")
-			{
-				if (!_ObjectData.empty())
+			if (_TrustedDomain) {
+				if (_ObjectType=="application/ryzom-data")
 				{
@@ -1538,3 +1691,3 @@
 				{
-					if (addBnpDownload(_ObjectData, _ObjectAction, _ObjectScript, _ObjectMD5Sum))
+					if (!_ObjectData.empty())
 					{
@@ -1540,4 +1693,8 @@
 					{
-						CInterfaceManager *pIM = CInterfaceManager::getInstance();
-						pIM->executeLuaScript(_ObjectScript, true);
+						if (addBnpDownload(_ObjectData, _ObjectAction, _ObjectScript, _ObjectMD5Sum))
+						{
+							CInterfaceManager *pIM = CInterfaceManager::getInstance();
+							pIM->executeLuaScript(_ObjectScript, true);
+						}
+						_ObjectScript = "";
 					}
@@ -1543,3 +1700,2 @@
 					}
-					_ObjectScript = "";
 				}
@@ -1545,2 +1701,3 @@
 				}
+				_Object = false;
 			}
@@ -1546,5 +1703,5 @@
 			}
-			_Object = false;
+			break;
 		}
 	}
 }
@@ -1556,7 +1713,7 @@
 	if (stricmp(str.c_str(), "lua") == 0)
 	{
 		// we receive an embeded lua script
-		_ParsingLua = true;
+		_ParsingLua = _TrustedDomain; // Only parse lua if TrustedDomain
 		_LuaScript = "";
 	}
 }
@@ -1567,7 +1724,7 @@
 	string str(buffer, buffer+length);
 	if (stricmp(str.c_str(), "lua") == 0)
 	{
-		if (_ParsingLua)
+		if (_ParsingLua && _TrustedDomain)
 		{
 			_ParsingLua = false;
 			// execute the embeded lua script
@@ -2894,7 +3077,7 @@
 
 				// Init LibWWW
 				initLibWWW();
-				setCurrentDomain(finalUrl);
+				_TrustedDomain = isTrustedDomain(setCurrentDomain(finalUrl));
 
 				// Get the final URL
 				C3WSmartPtr uri = HTParse(finalUrl.c_str(), NULL, PARSE_ALL);
@@ -3045,7 +3228,7 @@
 
 				// Init LibWWW
 				initLibWWW();
-				setCurrentDomain(_URL);
+				_TrustedDomain = isTrustedDomain(setCurrentDomain(_URL));
 
 				// Get the final URL
 				C3WSmartPtr uri = HTParse(_URL.c_str(), NULL, PARSE_ALL);
diff --git a/code/ryzom/client/src/interface_v3/group_html.h b/code/ryzom/client/src/interface_v3/group_html.h
--- a/code/ryzom/client/src/interface_v3/group_html.h
+++ b/code/ryzom/client/src/interface_v3/group_html.h
@@ -281,6 +290,9 @@
 	// Current URL
 	std::string		_URL;
 
+	// Current DOMAIN
+	bool		_TrustedDomain;
+
 	// Title prefix
 	ucstring		_TitlePrefix;
 
@@ -579,6 +600,8 @@
 	void checkImageDownload();
 	void addImageDownload(const std::string &url, CViewBase *img);
 	std::string localImageName(const std::string &url);
+	
+	bool isTrustedDomain(const std::string &domain);
 
 
 
diff --git a/code/ryzom/client/src/interface_v3/group_html_webig.cpp b/code/ryzom/client/src/interface_v3/group_html_webig.cpp
--- a/code/ryzom/client/src/interface_v3/group_html_webig.cpp
+++ b/code/ryzom/client/src/interface_v3/group_html_webig.cpp
@@ -203,8 +203,7 @@
 		nlSleep(1*60*1000);
 		while (true)
 		{
-			string url = "http://atys.ryzom.com/start/index.php?app=notif&rnd="+randomString();
-			//string url = "http://ryapp.bmsite.net/app_mail.php?page=ajax/inbox/unread&rnd="+randomString();
+			string url = "http://"+ClientCfg.WebIgMainDomain+"/start/index.php?app=notif&rnd="+randomString();
 			addWebIGParams(url);
 			get(url);
 			nlSleep(10*60*1000);
diff --git a/code/ryzom/client/src/libwww.cpp b/code/ryzom/client/src/libwww.cpp
--- a/code/ryzom/client/src/libwww.cpp
+++ b/code/ryzom/client/src/libwww.cpp
@@ -520,7 +520,7 @@
 
 // ***************************************************************************
 
-void setCurrentDomain(const std::string &url)
+const std::string &setCurrentDomain(const std::string &url)
 {
 	if(url.find("http://") == 0)
 	{
@@ -532,6 +532,7 @@
 		HTTPCurrentDomain.clear();
 //		nlinfo("****cd: clear the domain");
 	}
+	return HTTPCurrentDomain;
 }
 
 void initLibWWW()
diff --git a/code/ryzom/client/src/libwww.h b/code/ryzom/client/src/libwww.h
--- a/code/ryzom/client/src/libwww.h
+++ b/code/ryzom/client/src/libwww.h
@@ -35,7 +35,7 @@
 void initLibWWW();
 
 // Get an url and setup a local domain
-void setCurrentDomain(const std::string &url);
+const std::string &setCurrentDomain(const std::string &url);
 
 extern std::string CurrentCookie;
 
diff --git a/code/ryzom/client/src/net_manager.cpp b/code/ryzom/client/src/net_manager.cpp
--- a/code/ryzom/client/src/net_manager.cpp
+++ b/code/ryzom/client/src/net_manager.cpp
@@ -3253,7 +3253,7 @@
 			if(i != digitMaxEnd)
 			{
 				ucstring web_app = contentStr.substr(digitStart, i-digitStart);
-				contentStr = ucstring("http://atys.ryzom.com/start/")+web_app+ucstring(".php?")+contentStr.substr(i+1);
+				contentStr = ucstring("http://"+ClientCfg.WebIgMainDomain+"/start/")+web_app+ucstring(".php?")+contentStr.substr(i+1);
 			}
 			else
 			{