ACTIONSCRIPT 3 Developer’s Guide en

ACTIONSCRIPT 3.0 DEVELOPER’S GUIDE
Security
Sandbox bridge example (HTML)
Adobe AIR 1.0 and later
In HTML content, the parentSandboxBridge and childSandboxBridge properties are added to the JavaScript
window object of a child document. For an example of how to set up bridge functions in HTML content, see “Setting
up a sandbox bridge interface” on page 997.
Limiting API exposure
Adobe AIR 1.0 and later
When exposing sandbox bridges, it's important to expose high-level APIs that limit the degree to which they can be
abused. Keep in mind that the content calling your bridge implementation may be compromised (for example, via a
code injection). So, for example, exposing a readFile(path:String) method (that reads the contents of an arbitrary
file) via a bridge is vulnerable to abuse. It would be better to expose a readApplicationSetting() API that doesn't
take a path and reads a specific file. The more semantic approach limits the damage that an application can do once
part of it is compromised.
More Help topics
“Cross-scripting content in different security sandboxes” on page 996
“The AIR application sandbox” on page 1034
Writing to disk
Adobe AIR 1.0 and later
Applications running in a web browser have only limited interaction with the user's local file system. Web browsers
implement security policies that ensure that a user's computer cannot be compromised as a result of loading web
content. For example, SWF files running through Flash Player in a browser cannot directly interact with files already
on a user's computer. Shared objects and cookies can be written to a user's computer for the purpose of maintaining
user preferences and other data, but this is the limit of file system interaction. Because AIR applications are natively
installed, they have a different security contract, one which includes the capability to read and write across the local
file system.
This freedom comes with high responsibility for developers. Accidental application insecurities jeopardize not only
the functionality of the application, but also the integrity of the user's computer. For this reason, developers should
read “Best security practices for developers” on page 1080.
AIR developers can access and write files to the local file system using several URL scheme conventions:
URL scheme Description
app:/ An alias to the application directory. Files accessed from this path are assigned the application sandbox and have
the full privileges granted by the runtime.
app-storage:/ An alias to the local storage directory, standardized by the runtime. Files accessed from this path are assigned a
non-application sandbox.
file:/// An alias that represents the root of the user's hard disk. A file accessed from this path is assigned an application
sandbox if the file exists in the application directory, and a non-application sandbox otherwise.
Note: AIR applications cannot modify content using the app: URL scheme. Also, the application directory may be read
only because of administrator settings.
Last updated 6/6/2012
1078