I have a Flex4.5 application who run on Flash Player.
I'm uploading a swf file by FileReference controls, then preview it by SWFLoader controls.But I do not want the action script in uploaded swf can visit my action script in my Flex main application.How can I do?
If the AS is required to preview then the preview won’t work. But if you load the SWF from a different subdomain it will load into its own sandbox where the AS can do less damage, although some SWFs cannot run in a sandbox.
I've met the same problem.
If a local swf file is written to byte array by FileReference and assign the byte array to SWFLoader' source,
loaded swf runs at same sandbox as the main application.
So loaded swf can access main application' resource.That is a security risk.
Why locally loaded swf can access remotly loaded main application's resource?
Again, you can use allowCodeImport to block running script in the child.
Did you run your test from http:// The security rules are tighter there, and the loaded SWF should be calling from the main apps domain. It is my understanding that you’ve effectively done a WGET.
Europe, Middle East and Africa