Security Sandbox #2123)

Http://www.flashj.cn/wp/securityerror-2123.html

The first Security Sandbox note.
Because the Security Sandbox has plagued many people, it is a common problem.
This afternoon I encountered a 2123 error.

Crime scene

A list of Flash pages must support gravatar portraits
(Gravatar's cross-origin policy file is in the http://www.gravatar.com/avatar/crossdomain.xml)
I encountered a Security Sandbox conflict when loading the picture pictures they provided. The error message is:

Securityerror: Error #2123: Security Sandbox conflict: loader. Content: http: // www. **********/lib.swf cannot access the http://www.gravatar.com/avatar/3b3be63a4c2a439b013787721dfce802.jpg? S = 26 & D = monsterid. Unauthorized access to any policy file.
At flash. display: loader/get content ()
At org. mousebomb. srcloader: swfloader/onloadcomplete ()

At first, I thought it was a crossdomain file. I added security. loadpolicyfile ("http://www.gravatar.com/avatar/crossdomain.xml"). The attempt is invalid.
Actually, this is not necessary-I just want to publish it to the website and then read and display images across domains. This is directly in the remote network domain.Allow read-only access to audio/video media content.

Culprit

Later, I wrote a file and tested it with loader to read and display images normally.
In this case, the cause of the original security error is that the resource loader used by me throws this visual object every time the loader is loaded in the final unit of the resource pool, then unload to accept the new task again.
Code snippet:

1. _ Isfree = true;
2. VaR _ loadeddata: displayobject = _ loader. content;
3. _ Loader. Unload ();
4. VaR outevent: srcloaderevent = new srcloaderevent (srcloaderevent. Complete, {key: _ key, type: _ type, data: _ loadeddata });
5. This. dispatchevent (outevent );

This way, the visual object (error occurs in the _ loader. Content sentence) is viewed by Flash Player as "cross-Origin data processing", which violates the read-only permission and is not allowed.

Solution

This part is replaced with loader to load the display.
To display and read cross-origin audio/video media objects, you can only use loader as a container.

[Supplement 11.8]

According to my understanding, if you want to process images in the remote network domain (such as draw), as long as the Cross-Domain Policy file on the server indicates that it is allowed, and loadercontext can read the policy file, but in fact, it still cannot be operated.
Maybe I don't know enough about the security policy. Although the last problem was solved, I did not study it in depth.

Today, a pickgliss platform is in the group. To solve the problem, it is proposed that the image loaded by loader cannot be draw or bitmapdata cannot be operated in this way:
First, use urlloader to load the image in binary mode, and then use loader. loadbytes to load the image as the Display object.
I added the draw bitmap and smoothing to the end of the test, which is indeed feasible!

Note: This method applies when the remote server has a cross-domain security policy to grant permissions, but the displayed object still cannot be operated. It is not applicable to situations where there is no cross-domain security policy or the policy file is not allowed.

Example of how to bypass security errors::

1. Package
2. {
3. Import flash. display. Bitmap;
4. Import flash. display. bitmapdata;
5. Import flash. display. displayobject;
6. Import flash. display. loader;
7. Import flash. display. Sprite;
8. Import flash. Events. event;
9. Import flash.net. urlloader;
10. Import flash.net. urlloaderdataformat;
11. Import flash.net. URLRequest;
12. Import flash. utils. bytearray;
13.  
14. Public class test extends Sprite
15. {
16. Public Function Test ()
17. {
18. VaR Req: URLRequest = newurlrequest ("http://uc.discuz.net/data/avatar/001/29/18/69_avatar_middle.jpg ");
19. VaR Loader: urlloader = new urlloader (req );
20. Loader. dataformat = urlloaderdataformat. Binary;
21. Loader. addeventlistener (event. Complete, _ complete );
22. }
23.  
24. Private function _ complete (E: Event): void
25. {
26. VaR data: bytearray = e.tar get. Data;
27. VaR Loader: loader = new loader ();
28. Loader. contentloaderinfo. addeventlistener (event. Complete, imagedatacomplete );
29. Loader. loadbytes (data );
31. }
32.  
33. Private function imagedatacomplete (E: Event): void
34. {
35. VaR Dio: displayobject = e.tar get. content;
36. VaR BMP: bitmap = new Bitmap (New bitmapdata (DIO. Width, Dio. Height), "Auto", true );
37. BMP. bitmapdata. Draw (DIO );
38. BMP. x = 100;
39. BMP. Y = 100;
40. BMP. width = 50;
41. BMP. Height = 50;
42. Addchild (BMP );
43. }
44. }
45. }