5 Replies Latest reply: Jan 10, 2013 12:25 AM by moccamaximum RSS

    Security sandbox violation on Air file

    sivacse24rep Community Member

      Hi,

       

      I have a air package called "test_sandBox" -->will be installed under " c:\program files\"

       

      this "test_sandBox" will load another swf from c:\test\samp.swf. on test_sandBox i wont write any other function in feature. If i want to add anything i will add the feature on samp.swf and i will udpate that in c:\test\. So at any cost am not in need to reinstall the air package again. i am not able to update the samp.swf on "c:\program files\"  due to some security issue on windows 7. So i decide to update the samp.swf on c:\test\

       

       

      the "test_sandBox.fla" have the following code

       

      import flash.display.Loader;

       

      init();

      var _defaultLoader:Loader;

      function init()

      {    _defaultLoader=new Loader();

          _defaultLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, onGameLoadComplete, false, 0, true);       

          var urlRequest:URLRequest=new URLRequest("C:/digient_casino/samp.swf");

          _defaultLoader.load(urlRequest);

      }

       

      function onGameLoadComplete(e:Event)

      {

          mc.addChild(_defaultLoader.content);

          var mc1=MovieClip(_defaultLoader.content);

          mc1.updatePath("",stage);

      }

       

      the samp.fla have following code:

      import flash.events.Event;

       

      var stageObject:Object;

       

      function updatePath(path:String,sObj:Object)

      {

          stageObject=sObj;   

      }

       

      mc.buttonMode=true;

      mc.addEventListener(MouseEvent.CLICK,fullScreen);

       

      function  fullScreen(e:Event)

      {

           stageObject.displayState = StageDisplayState.FULL_SCREEN;

         // stage.displayState = StageDisplayState.FULL_SCREEN;

      }

       

       

      Issue:

       

      When i run the "test_sandBox" --> it load the samp.swf and when i press the full screen button on the samp.swf it shows the following error

       

      *** Security Sandbox Violation ***

      SecurityDomain 'file:///C:/test/samp.swf' tried to access incompatible context 'app:/test_sandBox.swf'

      SecurityError: Error #2070: Security sandbox violation: caller file:///C:/test/samp.swf cannot access Stage owned by app:/test_sandBox.swf.

          at flash.display::Stage/get nativeWindow()

          at flash.display::Stage/set displayState()

          at samp_fla::MainTimeline/fullScreen()

       

      How to solve this issue?

       

       

      Thanks,

      Siva

        • 1. Re: Security sandbox violation on Air file
          moccamaximum Community Member

          This article describes the problem you have run into:

          In short: Change the line

           

          _defaultLoader.load(urlRequest);

           

          to

           

          _defaultLoader.loadBytes(urlRequest);

           

          Make sure to read the article, why this workaround should only be used during development, since it poses a security risk.

          • 2. Re: Security sandbox violation on Air file
            sivacse24rep Community Member

            Yes i read the article. But when i use _defaultLoader.loadBytes(urlRequest); it says type conversion error. loadBytes should use the ByteArray. how to do that?

             

             

             

             

            Thanks,

            Siva

            • 3. Re: Security sandbox violation on Air file
              moccamaximum Community Member

              add this in your test_sandbox.fla/init

               

              var loaderContext: LoaderContext = new LoaderContext();
              loaderContext
              .allowLoadBytesCodeExecution = true;
              _defaultLoader.loaderContext = loaderContext;

               

              make sure to take care of necessary imports

               

              a complete code example can be found here

              • 4. Re: Security sandbox violation on Air file
                sivacse24rep Community Member

                Yes i dont it...but my question is how to use _defaultLoader.loadBytes(urlRequest); insted of _defaultLoader.load(urlRequest);

                 

                I have the path only : "C:/digient_casino/samp.swf" which is feed on urlRequest

                 

                but for loadBytes i cant user the urlRequest right? i need to give input as ByteArray. what i have is just the path of the swf...but for loadBytes what i need is byteArray....

                 

                how to do this? i can able to load the samp.swf using loader... there i can get the ByteArray then should i use the loadBytes again?

                 

                defaultLoader=new Loader();

                _defaultLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, onGameLoadComplete, false, 0, true);       

                var urlRequest:URLRequest=new URLRequest"C:/test/samp.swf");

                _defaultLoader.load(urlRequest);

                 

                function onGameLoadComplete(e:Event)

                {

                    _defaultLoader.removeEventListener(Event.COMPLETE, onGameLoadComplete, false);

                   

                    var context:LoaderContext=new LoaderContext();

                   

                    context.allowLoadBytesCodeExecution = true;

                        

                    _defaultLoader.contentLoaderInfo.removeEventListener(Event.COMPLETE, onGameLoadComplete);   

                           

                    _defaultLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, addThisChild, false, 0, true);

                    _defaultLoader.loadBytes(e.target.bytes, context);

                }

                 

                 

                Should i load like this...it seems loading the same swf for two times?

                • 5. Re: Security sandbox violation on Air file
                  moccamaximum Community Member

                  Here is a class that converts external swf to a ByteArray

                  But at this point it might be useful to look at your original request, which was only to go into fullscreen mode, when you click a button in your loaded swf that tries to access stage properties which are owned by your root.

                  There would be another possibility that would spare you this whole workaround.

                  If you might consider to move the actual fullscreen event to test_sandbox.fla, you should be good, and don`t run into trouble at all.

                  Dispatch a custom event when your button is clicked in your samp.swf

                  Make the test_sandBox.air listen for it

                  and then execute your fullscreenmode on the root of your app.

                  Just my 2 cents.