flex-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ty ro (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLEX-34834) security error when using image tag in html
Date Thu, 07 May 2015 03:31:00 GMT

    [ https://issues.apache.org/jira/browse/FLEX-34834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14531930#comment-14531930
] 

ty ro commented on FLEX-34834:
------------------------------

okay. after spending hours trying to get the sdk to compile i've fixed it but its not a real
patch, more like a quick fix. 

long story short, the permission error is just a red herring. the real problem is that event.complete
is firing before the file has actually completed loaded which means when loadcompletehandler
fires, theres nothing for it to work with quite yet.

"            loaderInfo.addEventListener(Event.COMPLETE,loadCompleteHandler,false,0,true);
  " should be line 742 or close to it

the temporary fix is simply to do this is to encasupulate some of the code in the  loadcompletehandler
function
 in  a for loop that will act as  a rudementary timer and delay  the code from firing before
the loader has completed loading

callLater sure would come in handy here.

btw this bug is present in all versions of apache flex sdk that use the textlayout framework
3 

my hotfixed loadcompletehandler:
"     private function loadCompleteHandler(e:Event):void
        {           
            CONFIG::debug { Debugging.traceFTECall(null,null,"loadCompleteHandler",this);
}
            removeDefaultLoadHandlers(graphic as Loader);
            CONFIG::debug { assert(okToUpdateHeightAndWidth == false,"invalid call to loadCompleteHandler");
}
		       for (var i:int = 0;i<30000;i++)
                {
if (i == 29900){                	 

			 okToUpdateHeightAndWidth = true;
			
            var g:DisplayObject = graphic;
            _measuredWidth = g.width;
            _measuredHeight = g.height;
            
			//bug #2931005 TLF cannot show Flex SWF after loading it as an ILG
			if(graphic is Loader && Loader(graphic).content != null && Loader(graphic).content.hasOwnProperty("setActualSize")
&& (!widthIsComputed() || !heightIsComputed()) )
				Object(Loader(graphic).content).setActualSize(elementWidth, elementHeight);
			else
			{
				if (!widthIsComputed())
                	g.width  = elementWidth;
            	if (!heightIsComputed())
                	g.height = elementHeight;
			}
			
            if (e is IOErrorEvent)
                changeGraphicStatus(e);
            else if (widthIsComputed() || heightIsComputed())
            {
                g.visible = false;
                // triggers a delayedElementUpdate
                changeGraphicStatus(InlineGraphicElementStatus.SIZE_PENDING);
            }
            else
                changeGraphicStatus(LOAD_COMPLETE);
        }}}"




> security error when using image tag in html
> -------------------------------------------
>
>                 Key: FLEX-34834
>                 URL: https://issues.apache.org/jira/browse/FLEX-34834
>             Project: Apache Flex
>          Issue Type: Bug
>          Components: Spark: TextArea
>    Affects Versions: Apache Flex 4.14.0
>         Environment: windows
>            Reporter: ty ro
>
> SecurityError: Error #2122: Security sandbox violation: Loader.content: 
> http://mydomain.com/Client/myapplication.swf cannot access 
> http://differentdomain.com/image.png. A policy file is required, but the 
> checkPolicyFile flag was not set when this media was loaded. 
> at flash.display::Loader/get content() 
> at 
> flashx.textLayout.elements::InlineGraphicElement/loadCompleteHandler()[/Users/aharui/git/flex/master/flex-tlf/textLayout/src/flashx/textLayout/elements/InlineGraphicElement.as:703]

> The image actually loads successfully in-spite of the error, but it doesn't 
> being measured correctly, so the image can exceed the component's 
> boundaries and overlap the text after it. 
> using .swf debug on desktop does not reproduce this. using on browser does regardless
if it is debug release or build release.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message