User Guide

ManualsBrandsMacromedia ManualsOtherFLEX 2-PROGRAMMING ACTIONSCRIPT 3.0

461

462

463

464

465

466

467

468

469

470

464 Flash Player Security

Restricting networking APIs

You can control a SWF file’s access to network functionality by setting the allowNetworking

parameter in the

content.

Possible values of

allowNetworking are:

■ "all" (the default)—All networking APIs are permitted in the SWF.

■ "internal"—The SWF file may not call browser navigation or browser interaction APIs,

listed later in this section, but it may call any other networking APIs.

■ "none"—The SWF file may not call browser navigation or browser interaction APIs,

listed later in this section, and it cannot use any SWF-to-SWF communication APIs, also

listed later.

Calling a prevented API throws a SecurityError exception.

To set the

allowNetworking parameter, in the <object> and <embed> tags in the HTML

page that contains a reference the SWF file, add the

allowNetworking parameter and set its

value, as shown in the following example:

codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/

swflash.cab#version=9,0,18,0"

width="600" height="400" id="test" align="middle">

width="600" height="400"

name="test" align="middle" type="application/x-shockwave-flash"

pluginspage="http://www.macromedia.com/go/getflashplayer" />

</object>

An HTML page may also use a script to generate SWF-embedding tags. You need to alter the

script so that it inserts the proper

allowNetworking settings. HTML pages generated by

Flash and Flex Builder use the

AC_FL_RunContent() function to embed references to SWF

files, and you need to add the

allowNetworking parameter settings to the script, as in the

following:

AC_FL_RunContent( ... "allowNetworking", "none", ...)

The following APIs are prevented when allowNetworking is set to "internal":

■ navigateToURL()

■ fscommand()

■ ExternalInterface.call()