I want to allow users to create libraries of shapes for my application. These shapes will be saved as swfs and displayed in my application by loading each swf into an Image control.
However, I'm concerned about malicious code embedded in a swf. When loading a swf into an Image control, is there a way to disable all actionscript such that the *only* function of the swf is to show its graphic contents?
Thanks for any thoughts.
If you place untrusted swfs on a different domain, they can’t do much damage with their AS code.
Thanks for the reply Alex.
I should have mentioned that this is an AIR app, and that swfs will be a part of a "library" of shapes contained in a .zip file (i.e. an xml file to describe library and then individual swfs for each shape).
Does your comment about domains still apply?
In AIR, folders matter. Any SWFs not in the application directory get loaded into a sandbox and can’t do much damage.