|Published (Last):||9 July 2005|
|PDF File Size:||1.61 Mb|
|ePub File Size:||15.27 Mb|
|Price:||Free* [*Free Regsitration Required]|
Loading HTML content from a string. You can use these events to determine when it is safe to interact with the loaded page. By default, content loaded via the loadString method is placed in a non-application sandbox with the following characteristics:.
It has access to load content from the network but not from the file system. The window. The content cannot access the window. In AIR 1. When this property is set to true for an HTMLLoader object, content loaded via the loadString method is placed in the application sandbox.
The default value is false. This gives content loaded via the loadString method access to the window. If you set this property to true , ensure that the data source for a string used in a call to the loadString method is trusted. Code statements in the HTML string are executed with full application privileges when this property is set to true. Only set this property to true when you are certain that the string cannot contain harmful code.
In applications compiled with the AIR 1. For security reasons, content from other sources do not. Because there are security loopholes that can be exploited through calling the eval function and related APIs , content installed with the application, by default, is restricted from using these methods. However, some Ajax frameworks use the calling the eval function and related APIs.
To properly structure content to work in an AIR application, you must take into account the rules for the security restrictions on content from different sources. Content from different sources is placed in separate security classifications, called sandboxes see Security sandboxes.
By default, content installed with the application is installed in a sandbox known as the application sandbox, and this grants it access to the AIR APIs. The application sandbox is generally the most secure sandbox, with restrictions designed to prevent the execution of untrusted code.
The runtime allows you to load content installed with your application into a sandbox other than the application sandbox. Content in non-application sandboxes operates in a security environment similar to that of a typical web browser. For example, code in non-application sandboxes can use eval and related methods but at the same time is not allowed to access the AIR APIs. The runtime includes ways to have content in different sandboxes communicate securely without exposing AIR APIs to non-application content, for example.
Specifies whether authentication requests should be handled true or not false for HTTP requests issued by this object. If false , authentication challenges return an HTTP error. Specifies whether successful response data should be cached for HTTP requests issued by this object. The height, in pixels, of the HTML content.
Subscribe to RSS
Loading HTML content from a string. You can use these events to determine when it is safe to interact with the loaded page. By default, content loaded via the loadString method is placed in a non-application sandbox with the following characteristics:. It has access to load content from the network but not from the file system.