User Guide
474 Flash Player Security
For events that are dispatched from objects other than display objects, there are no security
checks or security-related implications.
Accessing loaded media as data
You access loaded data using methods such as BitmapData.draw() and
SoundMixer.computeSpectrum(). By default, a SWF file from one security sandbox cannot
obtain pixel data or audio data from graphic or audio objects rendered or played by loaded
media in another sandbox. However, you can use the following methods to grant this
permission:
■ In a loaded SWF file, call the Security.allowDomain() method to grant data access to
SWF files in other domains.
■ For a loaded image, sound, or video, add a cross-domain policy file on the server of the
loaded file. This policy file must grant access to the domain of the SWF file that is
attempting to call the
BitmapData.draw() or SoundMixer.computeSpectrum()
methods to extract data from the file.
The following sections provide details on accessing bitmap, sound, and video data.
Accessing bitmap data
The draw() method of a BitmapData object lets you draw the currently displayed pixels of
any display object to the BitmapData object. This could include the pixels of a MovieClip
object, a Bitmap object, or any display object. The following conditions must be met for the
draw() method to draw pixels to the BitmapData object:
■ In the case of a source object other than a loaded bitmap, the source object and (in the
case of a Sprite or MovieClip object) all of its child objects must come from the same
domain as the object calling the
draw() method, or they must be in a SWF file that is
accessible to the caller by having called the
Security.allowDomain() method.
■ In the case of a Loaded bitmap source object, the source object must come from the same
domain as the object calling the
draw() method, or its source server must include a cross-
domain policy file that grants permission to the calling domain.
If these conditions are not met, a SecurityError exception is thrown.