flex-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Harui (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLEX-34834) security error when using image tag in html
Date Wed, 06 May 2015 19:17:59 GMT

    [ https://issues.apache.org/jira/browse/FLEX-34834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14531226#comment-14531226
] 

Alex Harui commented on FLEX-34834:
-----------------------------------

>From the description, this may be expected behavior.  You can't manipulate images loaded
from another domain without permission of the serving domain.  It might work in debug mode
if your URL is using the default file:// scheme because that uses a different security model.
 You can configure your debugger to use http:// and probably will get the same results.

> security error when using image tag in html
> -------------------------------------------
>
>                 Key: FLEX-34834
>                 URL: https://issues.apache.org/jira/browse/FLEX-34834
>             Project: Apache Flex
>          Issue Type: Bug
>          Components: Spark: TextArea
>    Affects Versions: Apache Flex 4.14.0
>         Environment: windows
>            Reporter: ty ro
>
> SecurityError: Error #2122: Security sandbox violation: Loader.content: 
> http://mydomain.com/Client/myapplication.swf cannot access 
> http://differentdomain.com/image.png. A policy file is required, but the 
> checkPolicyFile flag was not set when this media was loaded. 
> at flash.display::Loader/get content() 
> at 
> flashx.textLayout.elements::InlineGraphicElement/loadCompleteHandler()[/Users/aharui/git/flex/master/flex-tlf/textLayout/src/flashx/textLayout/elements/InlineGraphicElement.as:703]

> The image actually loads successfully in-spite of the error, but it doesn't 
> being measured correctly, so the image can exceed the component's 
> boundaries and overlap the text after it. 
> using .swf debug on desktop does not reproduce this. using on browser does regardless
if it is debug release or build release.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message