O'Reilly logo

Essential ActionScript 3.0 by Colin Moock

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Handling Security Violations

Throughout this chapter we've seen a variety of security rules that govern a .swf file's ability to perform various ActionScript operations. When an operation fails because it violates a security rule, ActionScript 3.0 either throws a SecurityError exception or dispatches a SecurityErrorEvent.SECURITY_ERROR.

A SecurityError exception is thrown when an operation can immediately be judged to be in violation of a security rule. For example, if a local-with-filesystem .swf file attempts to open a socket connection, ActionScript immediately detects a security violation and throws a SecurityError exception.

By contrast, a SecurityErrorEvent.SECURITY_ERROR event is dispatched when, after waiting for some asynchronous task to complete, ActionScript deems an operation in violation of a security rule. For example, when a local-with-networking .swf file uses the URLLoader class's instance method load( ) to load a file from the remote realm, ActionScript must asynchronously check for a valid policy file authorizing the load operation. If the policy-file check fails, ActionScript dispatches a SecurityErrorEvent.SECURITY_ERROR event (note, not a SecurityError exception).

In the debug version of Flash Player, uncaught SecurityError exceptions and unhandled SecurityErrorEvent.SECURITY_ERROR events are easy to spot; every time one occurs, Flash Player launches a dialog box explaining the problem. By stark contrast, in the release version of Flash Player, uncaught SecurityError ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required