4 Replies Latest reply on Dec 7, 2011 11:20 AM by DMcQ

    allowCodeImport has to be true?

    DMcQ Level 1

      This might be a really easy one for those of you more practiced in loading swfs.


      If you have a swf read into memory, and you want to set a <s:swfLoader/> 's source to your swf's bytearray, do you have to use allowCodeImport=true?


      It seems that's the only way I can get my code to work. Essentially, in my AIR app I'm reading in a bunch of swfs from file as ByteArrays, and then setting a swfLoader's source to the byte array of a certain swf when selected by the user. This only seems to work if the LoaderContext's allowCodeImport is set to true. (There are some reasons why I load the swfs this way rather than setting the swfLoader's source to the swf's file path.)


      So is there a way to do this without setting allowCodeImport to true?

      Thanks for your thoughts!

        • 1. Re: allowCodeImport has to be true?
          Flex harUI Adobe Employee

          If you follow the rules of the Marshall Plan and load sub-applications, you shouldn’t need to use bytearrays and allowCodeImport.  Otherwise, I don’t know of any other way.

          • 2. Re: allowCodeImport has to be true?
            DMcQ Level 1

            Thanks Alex.


            I might be wrong but in the Marshall Plan there's no way described to load arbitrary swfs and completely disable the code (if, for instance, you just want to display the graphic asset in the swf).


            It seems like the most you can do to restrict a swf is load it into a sandbox...is that true?


            Thanks again for your thoughts



            • 3. Re: allowCodeImport has to be true?
              Flex harUI Adobe Employee

              That’s correct.  The idea is to run loaded code in a sandbox.  If you are just trying to pull assets from a SWF, why is there code that you need to run?

              • 4. Re: allowCodeImport has to be true?
                DMcQ Level 1



                My motivation is to visually display an arbitrary swf (perhaps some user exported an Illustrator file as a swf, or created on in Flash CS5, etc.) without worrying about arbitrary and perhaps malicious code. So it's best to make sure no code can run. But it seems like what you're saying is that the best option is to rely on the sandbox restrictions.


                Ideally, it would be better to use FXG as some kind of transfer format for visual images, but unfortunately it's not easy to just load FXG at runtime. Hence the use of the swf format.