声明式和编程式 SWFLoader
声明式 SWFLoader 和编程式 SWFLoader 在安全性方面有何区别? 在 ff 中。 代码中,loader1 抛出安全异常,而 loader2 则不会。
public someFunction(source:String):void
{
var loader1:SWFLoader = new SWFLoader();
loader1.load(source);
loader2.source = source;
}
...
<mx:SWFLoader id="loader2"/>
What's the difference in terms of security between declarative and programmatic SWFLoaders? In the ff. code, loader1 throws a security exception while loader2 does not.
public someFunction(source:String):void
{
var loader1:SWFLoader = new SWFLoader();
loader1.load(source);
loader2.source = source;
}
...
<mx:SWFLoader id="loader2"/>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我认为在安全性方面没有任何区别。 请记住,在实际编译开始之前,MXML 会被 mxmlc 编译器转换为 ActionScript,因此声明性 SWFLoader(或任何其他声明性元素,就此而言)只是创建某些内容的快捷方式手动编码。 您可以使用 -compiler.keep- generated-actionscript mxmlc 参数来查看从 MXML 生成的代码类型。
在该示例中,您在 loader2.source = source; 行中没有看到运行时错误的原因是,由于上一行代码调用了错误,因此该函数的执行会在那里停止。 尝试注释掉调用
loader1.load(source)
的行,您将看到下一行抛出此类 SecurityError:I don't think there is any difference in terms of security. Remember, MXML gets converted to ActionScript by the mxmlc compiler before the actual compilation commences, so a declarative SWFLoader (or any other declarative element, for that matter) is just a short-hand way of creating something instead of coding it by hand. You can use the
-compiler.keep-generated-actionscript
mxmlc argument to see what kind of code gets generated from your MXML.And the reason you're not seeing a runtime error from the
loader2.source = source;
line in that example is that since the previous line of code invokes an error, the execution of that function stops there. Try commenting out the line where you callloader1.load(source)
and you'll see the next line throw this kind of a SecurityError: