Flash CS4 Resources
Accessing loaded media as data
You access loaded data using methods such as BitmapData.draw() and SoundMixer.computeSpectrum(). By default, a SWF file from one security sandbox cannot obtain pixel data or audio data from graphic or audio objects rendered or played by loaded media in another sandbox. However, you can use the following methods to grant this permission:
The following sections provide details on accessing bitmap, sound, and video data.
Accessing bitmap data
The draw() method of a BitmapData object lets you draw the currently displayed pixels of any display object to the BitmapData object. This could include the pixels of a MovieClip object, a Bitmap object, or any display object. The following conditions must be met for the draw() method to draw pixels to the BitmapData object:
If these conditions are not met, a SecurityError exception is thrown.
When you load the image using the load() method of the Loader class, you can specify a context parameter, which is a LoaderContext object. If you set the checkPolicyFile property of the LoaderContext object to true, Flash Player checks for a URL policy file on the server from which the image is loaded. If there is a policy file, and the file permits the domain of the loading SWF file, the file is allowed to access data in the Bitmap object; otherwise, access is denied.
You can also specify a checkPolicyFile property in an image loaded via an <img> tag in a text field. For details, see Loading SWF files and images using the <img> tag in a text field.
Accessing sound data
The following sound-related ActionScript 3.0 APIs have security restrictions:
Every sound has two kinds of sandboxes associated with it—a content sandbox and an owner sandbox:
When you load the sound using the load() method of the Sound class, you can specify a context parameter, which is a SoundLoaderContext object. If you set the checkPolicyFile property of the SoundLoaderContext object to true, Flash Player checks for a URL policy file on the server from which the sound is loaded. If there is a policy file, and the file permits the domain of the loading SWF file, the file is allowed to access the id property of the Sound object; otherwise, it will not. Also, setting the checkPolicyFile property can enable the SoundMixer.computeSpectrum() method for loaded sounds.
You can use the SoundMixer.areSoundsInaccessible() method to find out whether a call to the SoundMixer.stopAll() method would not stop all sounds because the sandbox of one or more sound owners is inaccessible to the caller.
Calling the SoundMixer.stopAll() method stops those sounds whose owner sandbox is the same as that of the caller of stopAll(). It also stops those sounds whose playback was started by SWF files that have called the Security.allowDomain() method to permit access by the domain of the SWF file calling the stopAll() method. Any other sounds are not stopped, and the presence of such sounds can be revealed by calling the SoundMixer.areSoundsInaccessible() method.
Calling the computeSpectrum() method requires that every sound that is playing be either from the same sandbox as the object calling the method or from a source that has granted permission to the caller's sandbox; otherwise, a SecurityError exception is thrown. For sounds that were loaded from embedded sounds in a library in a SWF file, permission is granted with a call to the Security.allowDomain() method in the loaded SWF file. For sounds loaded from sources other than SWF files (originating from loaded mp3 files or from video files), a URL policy file on the source server grants access to data in loaded media. You cannot use the computeSpectrum() method if a sound is loaded from RTMP streams.
Accessing video data
You can use the BitmapData.draw() method to capture the pixel data of the current frame of a video.
There are two different kinds of video:
You cannot use the BitmapData.draw() method to access RTMP video.
When you call the BitmapData.draw() method with progressive video as the source parameter, the caller of BitmapData.draw() must either be from the same sandbox as the FLV file, or the server of the FLV file must have a policy file that grants permission to the domain of the calling SWF file. You can request that the policy file be downloaded by setting the checkPolicyFile property of the NetStream object to true.