Table of Contents
Advertisement
There are also restrictions on the
Stage object, but these are different from the other restrictions. Rather than needing to be in
the same domain as the Stage owner, to call these methods code must be in the same domain
as the owner of the affected child object(s), or the child object(s) can call the
Security.allowDomain()
Traversing the display list
The ability of one SWF file to access display objects loaded from other sandboxes is restricted.
In order for a SWF file to access a display object created by another SWF file in a different
sandbox, the SWF file being accessed must call the
permit access by the domain of the accessing SWF file. For more information, see
(developer) controls" on page
To access a Bitmap object that was loaded by a Loader object, a cross-domain policy file must
exist on the origin server of the image file, and that cross-domain policy file must grant
permission to the domain of the SWF file trying to access the Bitmap object (see
controls (cross-domain policy files)" on page
The LoaderInfo object that corresponds to a loaded file (and to the Loader object) includes
the following three properties, which define the relationship between the loaded object and
the Loader object:
childAllowsParent
Event security
Events related to the display list have security access limitations, based on the sandbox of the
display object that is dispatching the event. An event in the display list has bubbling and
capture phases (described in
bubbling and capture phases, an event migrates from the source display object through parent
display objects in the display list. If a parent object is in a different security sandbox than the
source display object, the capture and bubble phase stops below that parent object, unless
there is mutual trust between the owner of the parent object and the owner of the source
object. This mutual trust can be achieved by the following:
1.
The SWF file that owns the parent object must call the
to trust the domain of the SWF file that owns the source object.
2.
The SWF file that owns the source object must call the
to trust the domain of the SWF file that owns the parent object.
The LoaderInfo object that corresponds to a loaded file (and to the Loader object) includes
the following two properties, which define the relationship between the loaded object and the
Loader object:
childAllowsParent
removeChildAt()
method.
460.
456).
,
parentAllowsChild
Chapter 13, "Handling Events," on page
and
parentAllowsChild
and
swapChildrenAt()
Security.allowDomain()
, and
sameDomain
345). During the
Security.allowDomain()
Security.allowDomain()
.
methods of the
method to
"Author
"Website
.
method
method
Cross-scripting
473
Advertisement
Chapters
Table of Contents
