Understanding Security
■ Can interact with other local-with-file-system files, with restrictions on the following:
  ■ Cross-scripting (such as ActionScript access to objects in other SWF files).
  ■ Calling System.security.allowDomain.
  ■ Using LocalConnection as sender or listener, regardless of LocalConnection.allowDomain handlers.
Local-with-file-system SWF files have read access to known files on the local file system. For example, you can use XML.load() in a local-with-file-system SWF file as long as you load from the local file system and not the Internet.
■ Local-with-file-system SWF files cannot communicate with HTML pages, which includes the following:
  ■ Inbound scripting (such as ExternalInterface API, ActiveX, LiveConnect, and XPConnect)
  ■ Outbound scripting (such as custom fscommand calls, and getURL("javascript:..."))
About domains, cross-domain security, and SWF files
By default, Flash Player 7 and later versions prevent a SWF file served from one domain from reading data, objects, or variables from SWF files that are served from different domains. In addition, content that is loaded through nonsecure (non-HTTPS) protocols cannot read content loaded through a secure (HTTPS) protocol, even when both are in exactly the same domain. For example, a SWF file located at http://www.macromedia.com/main.swf cannot load data from https://www.macromedia.com/data.txt without explicit permission; neither can a SWF file served from one domain load data (using loadVars(), for example) from another domain.
Identical numeric IP addresses are compatible. However, a domain name is not compatible
with an IP address, even if the domain name resolves to the same IP address.
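The default rules in this section can be modeled as a small decision function, for example when auditing which legacy SWF-to-data pairs would need explicit permission. This is an added example, not Flash Player code or code from the original documentation; the function names, the example.com and 192.0.2.x URLs, and the assumption that "same domain" means an exact host-name match are illustrative.

```javascript
// Added example: models the default cross-domain rules described above.
// Assumption: "same domain" is an exact, case-insensitive host-name match.
function defaultAccessDecision(requesterUrl, targetUrl) {
  const requester = new URL(requesterUrl);
  const target = new URL(targetUrl);

  // Hosts are compared as strings with no DNS lookup, so a domain name
  // never matches an IP address even if it resolves to that address.
  const requesterHost = requester.hostname.toLowerCase();
  const targetHost = target.hostname.toLowerCase();
  if (requesterHost !== targetHost) {
    return { allowed: false, reason: "different domain" };
  }

  // Nonsecure content cannot read secure content, even in the same domain.
  // The text states no default restriction in the other direction.
  if (target.protocol === "https:" && requester.protocol !== "https:") {
    return { allowed: false, reason: "non-HTTPS content reading HTTPS content" };
  }

  return { allowed: true, reason: "same domain" };
}

// Constructed sample pairs; the first pair is the example given in the text.
const SAMPLES = [
  ["http://www.macromedia.com/main.swf", "https://www.macromedia.com/data.txt"],
  ["http://www.example.com/main.swf", "http://www.example.com/data.txt"],
  ["http://www.example.com/main.swf", "http://data.example.com/data.txt"],
  ["http://192.0.2.10/main.swf", "http://192.0.2.10/data.txt"],
  ["http://www.example.com/main.swf", "http://192.0.2.10/data.txt"],
];

// Returns one result row per sample pair.
function auditSamples() {
  return SAMPLES.map(([requester, target]) => ({
    requester,
    target,
    ...defaultAccessDecision(requester, target),
  }));
}

for (const row of auditSamples()) {
  const verdict = row.allowed ? "ALLOW" : "NEEDS PERMISSION";
  console.log(`${verdict}  ${row.requester} -> ${row.target}  (${row.reason})`);
}
```
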
NOTE
Local-with-file-system SWF files can interact with other local-with-file-system, non-network SWF files. However, they cannot interact with local-with-network SWF files.
NOTE
An exception to the restriction on communicating with HTML pages is if the HTML page is trusted.