Working securely with untrusted content

Content not assigned to the application sandbox can provide additional scripting functionality to an AIR application, but only if it meets the security criteria of the runtime. This section explains the AIR security contract with non-application content.

AIR applications restrict scripting access for non-application content more stringently than the Flash Player browser plug-in restricts scripting access for untrusted content. For example, in Flash Player in the browser, a SWF file can call the System.allowDomain() method to grant scripting access to any SWF content loaded from a specified domain. Calls to this method are not permitted for content in the AIR application security sandbox, because they would give the non-application file unreasonable access to the user’s file system.

AIR applications that script between application and non-application content have more complex security arrangements. Files that are not in the application sandbox are only allowed to access the properties and methods of files in the application sandbox through the use of a sandbox bridge. A sandbox bridge acts as a gateway between application content and non-application content, providing explicit interaction between the two files. When used correctly, sandbox bridges provide an extra layer of security, restricting non-application content from accessing object references that are part of application content.

The benefit of sandbox bridges is best illustrated through example. Suppose an AIR music store application wants to provide an API to advertisers who want to create their own SWF files, with which the store application can then communicate. The store wants to provide advertisers with methods to look up artists and CDs from the store, but also wants to isolate some methods and properties from the third-party SWF file for security reasons.

A sandbox bridge can provide this functionality. By default, content loaded externally into an AIR application at runtime does not have access to any methods or properties in the main application. With a custom sandbox bridge implementation, a developer can provide services to the remote content without exposing these methods or properties. The sandbox bridge provides a limited pathway between trusted and untrusted content.
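The music store bridge described above, sketched for the HTML/JavaScript side of AIR as an added example; it is not code from Adobe's documentation. parentSandboxBridge is the runtime's property, while the catalog data, makeStoreBridge, attachBridge and the two lookup method names are hypothetical.

```javascript
// Added example: a minimal parent-side sandbox bridge for the music store.
// The catalog data and all names except parentSandboxBridge are constructed.
var CATALOG = [
  { artist: "Example Quartet", cd: "First Sessions", price: 12.99, supplierCost: 4.10 },
  { artist: "Example Quartet", cd: "Live Set", price: 14.99, supplierCost: 5.00 },
  { artist: "Sample Trio", cd: "Debut", price: 9.99, supplierCost: 3.25 }
];

// Build the bridge. The catalog stays in the closure; callers receive only
// newly created values and objects, never references to application objects.
function makeStoreBridge(catalog) {
  function cleanQuery(q) {
    // Untrusted input: accept only short, non-empty strings.
    if (typeof q !== "string" || q.length === 0 || q.length > 64) { return null; }
    return q.toLowerCase();
  }
  return {
    findArtists: function (query) {
      var q = cleanQuery(query), out = [];
      if (q === null) { return out; }
      for (var i = 0; i < catalog.length; i++) {
        var name = catalog[i].artist;
        if (name.toLowerCase().indexOf(q) !== -1 && out.indexOf(name) === -1) {
          out.push(name);
        }
      }
      return out;
    },
    findCDs: function (artist) {
      var q = cleanQuery(artist), out = [];
      if (q === null) { return out; }
      for (var i = 0; i < catalog.length; i++) {
        if (catalog[i].artist.toLowerCase() === q) {
          // Copy only the public fields; supplierCost is never exposed.
          out.push({ cd: catalog[i].cd, price: catalog[i].price });
        }
      }
      return out;
    }
  };
}

// In the application sandbox, call this from the iframe's dominitialize
// handler so the bridge exists before the advertiser's scripts run.
function attachBridge(childWindow, bridge) {
  childWindow.parentSandboxBridge = bridge;
}
```

The advertiser's content then reaches the store only through calls such as window.parentSandboxBridge.findCDs("Sample Trio"); nothing else in the application sandbox is visible to it.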

For full details on using sandbox bridges, see:

  • For ActionScript (Flash and Flex) developers, see AIR Security in the ActionScript 3.0 Developer’s Guide.

  • For Ajax developers, see AIR Security in the HTML Developer’s Guide for Adobe AIR.
