Here's the proof of concept for a same-origin bypass using white-space characters in the host name. The idea behind the attack was explained in the bug submission. You might also have a look at the Flash file's source code.