User Guide
Cross-scripting 473
There are also restrictions on the removeChildAt() and swapChildrenAt() methods of the
Stage object, but these are different from the other restrictions. To call these methods,
code does not need to be in the same domain as the Stage owner. Instead, it must be in the
same domain as the owner of the affected child object(s), or the child object(s) can call
the Security.allowDomain() method.
Traversing the display list
The ability of one SWF file to access display objects loaded from other sandboxes is restricted.
In order for a SWF file to access a display object created by another SWF file in a different
sandbox, the SWF file being accessed must call the Security.allowDomain() method to permit
access by the domain of the accessing SWF file. For more information, see “Author
(developer) controls” on page 460.
To access a Bitmap object that was loaded by a Loader object, a cross-domain policy file must
exist on the origin server of the image file, and that cross-domain policy file must grant
permission to the domain of the SWF file trying to access the Bitmap object (see “Website
controls (cross-domain policy files)” on page 456).
The LoaderInfo object that corresponds to a loaded file (and to the Loader object) includes
the following three properties, which define the relationship between the loaded object and
the Loader object: childAllowsParent, parentAllowsChild, and sameDomain.
Event security
Events related to the display list have security access limitations, based on the sandbox of the
display object that is dispatching the event. An event in the display list has bubbling and
capture phases (described in Chapter 13, “Handling Events,” on page 345). During the
bubbling and capture phases, an event migrates from the source display object through parent
display objects in the display list. If a parent object is in a different security sandbox than the
source display object, the capture and bubble phase stops below that parent object, unless
there is mutual trust between the owner of the parent object and the owner of the source
object. This mutual trust can be achieved by the following:
1. The SWF file that owns the parent object must call the Security.allowDomain() method
to trust the domain of the SWF file that owns the source object.
2. The SWF file that owns the source object must call the Security.allowDomain() method
to trust the domain of the SWF file that owns the parent object.
The LoaderInfo object that corresponds to a loaded file (and to the Loader object) includes
the following two properties, which define the relationship between the loaded object and the
Loader object: childAllowsParent and parentAllowsChild.
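
The following ActionScript 3 class is an added example, not code from the original guide. It shows the loading (parent) side of the rules in "Traversing the display list" and "Event security": the parent grants its half of the trust, then reads the LoaderInfo properties before touching the loaded content. The domain names parent.example.com and child.example.com, the file child.swf and the class name ParentMain are assumptions made for illustration.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.LoaderInfo;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.MouseEvent;
    import flash.net.URLRequest;
    import flash.system.Security;

    // Parent SWF, assumed to be served from parent.example.com (constructed name).
    public class ParentMain extends Sprite {
        private var loader:Loader = new Loader();

        public function ParentMain() {
            // Parent's half of the mutual trust: name the child's domain explicitly.
            Security.allowDomain("child.example.com");
            loader.contentLoaderInfo.addEventListener(Event.INIT, onChildInit);
            // Clicks that originate inside the child reach this listener only
            // when both SWF files have trusted each other's domain.
            addEventListener(MouseEvent.CLICK, onClick);
            addChild(loader);
            loader.load(new URLRequest("http://child.example.com/child.swf"));
        }

        private function onChildInit(e:Event):void {
            var info:LoaderInfo = LoaderInfo(e.target);
            trace("sameDomain:", info.sameDomain,
                  "childAllowsParent:", info.childAllowsParent,
                  "parentAllowsChild:", info.parentAllowsChild);
            if (info.sameDomain || info.childAllowsParent) {
                // The child permits access, so reading its display object is allowed.
                trace("child root:", info.content);
            } else {
                // Reading info.content here would throw a SecurityError.
                trace("child has not called Security.allowDomain() for this domain");
            }
            if (!info.sameDomain && !(info.childAllowsParent && info.parentAllowsChild)) {
                trace("no mutual trust: child events stop below this parent");
            }
        }

        private function onClick(e:MouseEvent):void {
            trace("click received at parent, phase:", e.eventPhase);
        }
    }
}
// Child SWF (assumed to be served from child.example.com) supplies the other half:
//     Security.allowDomain("parent.example.com");
```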