[osflash] Loading content allowed outside security sandbox?
Till Schneidereit
tschneidereit at gmail.com
Tue Nov 20 10:31:12 PST 2007
Hi zuric,
Adobe didn't change anything.
The security sandbox doesn't prevent you from playing sounds,
displaying swf's and jpg's, etc.
You just can't access the data contained in the loaded files by
actionscript. In your example, you couldn't access the sound spectrum
data or (I think) the id3 tags of the loaded mp3.
Note that, starting with Flashplayer9/AS3, you can access the data if
you provide a proper crossdomain.xml on the server the file is loaded
from and set the checkPolicyFile parameter to true when loading.
For more info, see the following knowledgebase entry:
http://kb.adobe.com/selfservice/documentLink.do?micrositeId=MS_Customer&externalID=50c96388
cheers,
till
On Nov 20, 2007 2:08 PM, zuric <zurrix at gmail.com> wrote:
> that's another problem i have
> I am using Flex Builder beta 2 for building ActionScript Project
> but when you running the project in ActiveX plugin debug version for flash
> player
> It will waiting for Flash Player to connect to debugger
>
> I think maybe it's nothing matter with sandbox domain setting
>
>
>
>
> On 11/20/07, Arnoud Bos <a.bos9 at chello.nl> wrote:
> >
> >
> >
> >
> >
> >
> >
> > When i run it it asks where my debugger is located.
> >
> > It seems you put a debug flex swf online. Maybe it has something to do
> with it.
> >
> >
> >
> > Just a guess
> >
> >
> >
> > Arnoud
> >
> >
> >
> > ________________________________
>
> >
> > Van: osflash-bounces at osflash.org [mailto:osflash-bounces at osflash.org]
> Namens zuric
> > Verzonden: dinsdag 20 november 2007 7:04
> > Aan: Open Source Flash Mailing List
> > Onderwerp: [osflash] Loading content allowed outside security sandbox?
> >
> >
> >
> >
> >
> > I don't know if adobe had updated its flash player in sandbox security
> setting,
> >
> >
> > but I found I can load data from any address into my own swf, without
> policy file!!!
> >
> >
> >
> >
> >
> > In Adobe Flex 2 Help -> Flash Player Security ,
> >
> >
> > it said that:
> >
> >
> > If the loaded media is an image, audio, or video, its data, such as pixel
> data and sound data, cannot be accessed by a SWF file outside its security
> sandbox, unless the domain of that SWF file has been included in a
> cross-domain policy file at the origin domain of the media.
> >
> >
> >
> >
> >
> > But look at this test application,
> > http://zflash.blogbus.com/logs/10849764.html
> > input any sound file address you found in internet, and press button "GO"
> > you can play it!!
> >
> > Anyone can tell me why? because i can't find any information in Adobe's
> release notes.
> >
> >
> >
> http://www.adobe.com/support/documentation/en/flashplayer/9/releasenotes.html
> > _______________________________________________
> > osflash mailing list
> > osflash at osflash.org
> > http://osflash.org/mailman/listinfo/osflash_osflash.org
> >
> >
>
>
> _______________________________________________
> osflash mailing list
> osflash at osflash.org
> http://osflash.org/mailman/listinfo/osflash_osflash.org
>
>
More information about the osflash
mailing list