Table of Contents
Advertisement
Version 6. Cross-domain scripting security is introduced. By default, Flash Player forbids
cross-domain scripting;
whether two files are in the same domain, Flash Player uses each file's superdomain, which is
the exact host name from the file's URL, minus the first segment, down to a minimum of two
segments. For example, the superdomain of www.mysite.com is mysite.com. This example
would permit SWF files from www.mysite.com and store.mysite.com to script each other
without calling
System.security.allowDomain()
Version 7. Superdomain matching is changed to exact domain matching. Two files are
permitted to script each other only if the host names in their URLs are identical; otherwise, a
call to
System.security.allowDomain()
HTTPS URLs are no longer permitted to script files loaded from HTTPS URLs, even if the
files are loaded from the exactly the same domain. This restriction helps protect HTTPS files,
because a non-HTTPS file is vulnerable to modification during download, and a maliciously
modified non-HTTPS file could corrupt an HTTPS file, which is otherwise immune to such
tampering.
System.security.allowInsecureDomain()
SWF files that are being accessed to voluntarily disable this restriction, but Macromedia
recommends against using
Version 8. Two major areas of change:
Calling
System.security.allowDomain()
if the SWF file being accessed is the SWF file that called
System.security.allowDomain()
System.security.allowDomain()
versions, calling
System.security.allowDomain()
where the SWF file being accessed could be any SWF file in the same domain as the SWF
file that called
System.security.allowDomain()
System.security.allowDomain()
calling SWF file.
Support has been added for wildcard values with
and
System.security.allowInsecureDomain("*")
cross-scripting operations where the accessing file is any file at all, loaded from anywhere.
Think of the wildcard as a global permission. Wildcard permissions can be useful in
general, and in particular they are required to enable certain kinds of operations under the
new local file security rules in Flash Player 8. Specifically, for a local SWF file with
network-access permissions to script a SWF file on the Internet, the Internet SWF file
being accessed must call
of a local SWF file is unknown. (If the Internet SWF file being accessed is loaded from an
HTTPS URL, the Internet SWF file must instead call
System.security.allowInsecureDomain("*")
System.security.allowDomain()
is required. By default, files loaded from non-
System.security.allowInsecureDomain()
. In other words, a SWF file that calls
now permits access only to itself. In previous
previously opened up the entire domain of the
System.security.allowDomain("*")
can permit it. To determine
.
is introduced to allow HTTPS
now permits cross-scripting operations only
permitted cross-scripting operations
. Calling
System.security.allowDomain("*")
. The wildcard (*) value permits
, reflecting that the origin
.)
security (System.security) 1059
.
- Quick Links:
- Compiler Directives
Hide quick links:
Advertisement
Table of Contents
Related Manuals for MACROMEDIA FLASH 8-ACTIONSCRIPT 2.0 LANGUAGE
Related Products for MACROMEDIA FLASH 8-ACTIONSCRIPT 2.0 LANGUAGE
- MACROMEDIA DREAMWEAVER 8-EXTENDING DREAMWEAVER
- MACROMEDIA DREAMWEAVER 8-GETTING STARTED WITH DREAMWEAVER
- MACROMEDIA DREAMWEAVER 8-DREAMWEAVER API
- MACROMEDIA FIREWORKS 8-USING FIREWORKS
- MACROMEDIA FLASH 8-DEVELOPING FLASH LITE 2.X
- MACROMEDIA FLASH 8-INTRODUCTION TO FLASH LITE 2.X ACTIONSCRIPT
- MACROMEDIA FLASH 8-LEARNING FLASH LITE 1.X ACTIONSCRIPT
- MACROMEDIA FLASH 8-COMPONENTS LANGUAGE
- MACROMEDIA STUDIO 8-EXPLORING STUDIO 8
- MACROMEDIA DREAMWEAVER 8
- MACROMEDIA FLASH MEDIA SERVER 2-CLIENT-SIDE ACTIONSCRIPT LANGUAGE REFERENCE FOR FLASH MEDIA SERVER 2
- MACROMEDIA FLASH MEDIA SERVER 2-SERVER MANAGEMENT ACTIONSCRIPT LANGUAGE
- MACROMEDIA FLASH MEDIA SERVER 2-SERVER-SIDE ACTIONSCRIPT LANGUAGE
- MACROMEDIA FLASH MX 2004-ACTIONSCRIPT LANGUAGE
- MACROMEDIA 38000382 - Macromedia JRun - Mac
- MACROMEDIA 38028779 - Macromedia Dreamweaver - Mac