声明式和编程式 SWFLoader

发布于 2024-07-07 04:09:55 字数 297 浏览 5 评论 0原文

声明式 SWFLoader 和编程式 SWFLoader 在安全性方面有何区别？在 ff 中。代码中，loader1 抛出安全异常，而 loader2 则不会。

public someFunction(source:String):void
{
  var loader1:SWFLoader = new SWFLoader();
  loader1.load(source);

  loader2.source = source;
}

...

<mx:SWFLoader id="loader2"/>

原文

What's the difference in terms of security between declarative and programmatic SWFLoaders? In the ff. code, loader1 throws a security exception while loader2 does not.

public someFunction(source:String):void
{
  var loader1:SWFLoader = new SWFLoader();
  loader1.load(source);

  loader2.source = source;
}

...

<mx:SWFLoader id="loader2"/>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

太傻旳人生 2024-07-14 04:09:55

我认为在安全性方面没有任何区别。请记住，在实际编译开始之前，MXML 会被 mxmlc 编译器转换为 ActionScript，因此声明性 SWFLoader（或任何其他声明性元素，就此而言）只是创建某些内容的快捷方式手动编码。您可以使用 -compiler.keep- generated-actionscript mxmlc 参数来查看从 MXML 生成的代码类型。

在该示例中，您在 loader2.source = source; 行中没有看到运行时错误的原因是，由于上一行代码调用了错误，因此该函数的执行会在那里停止。尝试注释掉调用 loader1.load(source) 的行，您将看到下一行抛出此类 SecurityError：

SecurityError: Error #2148: SWF file http://example.com/test.swf cannot access local resource file:///Users/username/Desktop/picture.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
    at flash.display::Loader/_load()
    at flash.display::Loader/load()
    at mx.controls::SWFLoader/loadContent()
    at mx.controls::SWFLoader/load()
    at mx.controls::SWFLoader/commitProperties()
    at mx.core::UIComponent/validateProperties()
    at mx.managers::LayoutManager/validateProperties()
    at mx.managers::LayoutManager/doPhasedInstantiation()
    at Function/http://adobe.com/AS3/2006/builtin::apply()
    at mx.core::UIComponent/callLaterDispatcher2()
    at mx.core::UIComponent/callLaterDispatcher()

I don't think there is any difference in terms of security. Remember, MXML gets converted to ActionScript by the mxmlc compiler before the actual compilation commences, so a declarative SWFLoader (or any other declarative element, for that matter) is just a short-hand way of creating something instead of coding it by hand. You can use the -compiler.keep-generated-actionscript mxmlc argument to see what kind of code gets generated from your MXML.

And the reason you're not seeing a runtime error from the loader2.source = source; line in that example is that since the previous line of code invokes an error, the execution of that function stops there. Try commenting out the line where you call loader1.load(source) and you'll see the next line throw this kind of a SecurityError:

SecurityError: Error #2148: SWF file http://example.com/test.swf cannot access local resource file:///Users/username/Desktop/picture.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
    at flash.display::Loader/_load()
    at flash.display::Loader/load()
    at mx.controls::SWFLoader/loadContent()
    at mx.controls::SWFLoader/load()
    at mx.controls::SWFLoader/commitProperties()
    at mx.core::UIComponent/validateProperties()
    at mx.managers::LayoutManager/validateProperties()
    at mx.managers::LayoutManager/doPhasedInstantiation()
    at Function/http://adobe.com/AS3/2006/builtin::apply()
    at mx.core::UIComponent/callLaterDispatcher2()
    at mx.core::UIComponent/callLaterDispatcher()

回复收藏 0 原文

~没有更多了~