Return-Path: X-Original-To: apmail-flex-users-archive@www.apache.org Delivered-To: apmail-flex-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9490E11F95 for ; Thu, 18 Sep 2014 16:45:05 +0000 (UTC) Received: (qmail 29385 invoked by uid 500); 18 Sep 2014 16:45:05 -0000 Delivered-To: apmail-flex-users-archive@flex.apache.org Received: (qmail 29351 invoked by uid 500); 18 Sep 2014 16:45:05 -0000 Mailing-List: contact users-help@flex.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@flex.apache.org Delivered-To: mailing list users@flex.apache.org Received: (qmail 29340 invoked by uid 99); 18 Sep 2014 16:45:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Sep 2014 16:45:04 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of aharui@adobe.com designates 157.56.110.55 as permitted sender) Received: from [157.56.110.55] (HELO na01-bn1-obe.outbound.protection.outlook.com) (157.56.110.55) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Sep 2014 16:45:00 +0000 Received: from BL2PR02MB500.namprd02.prod.outlook.com (10.141.95.147) by BL2PR02MB291.namprd02.prod.outlook.com (10.141.90.148) with Microsoft SMTP Server (TLS) id 15.0.1029.13; Thu, 18 Sep 2014 16:44:38 +0000 Received: from BL2PR02MB500.namprd02.prod.outlook.com (10.141.95.147) by BL2PR02MB500.namprd02.prod.outlook.com (10.141.95.147) with Microsoft SMTP Server (TLS) id 15.0.1029.13; Thu, 18 Sep 2014 16:44:36 +0000 Received: from BL2PR02MB500.namprd02.prod.outlook.com ([10.141.95.147]) by BL2PR02MB500.namprd02.prod.outlook.com ([10.141.95.147]) with mapi id 15.00.1029.000; Thu, 18 Sep 2014 16:44:36 +0000 From: Alex Harui To: "users@flex.apache.org" Subject: Re: SecurityError when using img tag in HTML text Thread-Topic: SecurityError when using img tag in HTML text Thread-Index: AQHP0xg0Zvrmy25JRkqG6HaKBht5cJwGpBqA Date: Thu, 18 Sep 2014 16:44:36 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.4.4.140807 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [192.150.22.5] x-microsoft-antispam: BCL:0;PCL:0;RULEID:;UriScan:;UriScan:; x-forefront-prvs: 033857D0BD x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(51704005)(24454002)(377454003)(479174003)(189002)(199003)(92566001)(46102003)(74662003)(19580405001)(15395725005)(86362001)(107046002)(21056001)(85852003)(74502003)(50986999)(87936001)(83072002)(81542003)(79102003)(54356999)(106356001)(95666004)(76176999)(77982003)(101416001)(15202345003)(31966008)(85306004)(76482002)(80022003)(83506001)(106116001)(83322001)(2501002)(15975445006)(92726001)(2656002)(90102001)(4396001)(36756003)(107886001)(2351001)(64706001)(81342003)(66066001)(97736003)(19580395003)(99396002)(105586002)(110136001)(20776003);DIR:OUT;SFP:1101;SCL:1;SRVR:BL2PR02MB500;H:BL2PR02MB500.namprd02.prod.outlook.com;FPR:;MLV:sfv;PTR:InfoNoRecords;MX:1;A:1;LANG:en; Content-Type: text/plain; charset="us-ascii" Content-ID: <65D27BDEE3720648949EF5E6936F49FA@namprd02.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:; X-OriginatorOrg: adobe.com X-Virus-Checked: Checked by ClamAV on apache.org On 9/18/14 1:10 AM, "Evyatar Ben Halevi-Arbib" wrote: >Hello, > >We upgraded from Adobe Flex 4.5.1 to Apache Flex 4.12.1 and noticed a >problematic issue. >It renders HTML pretty well, considering the limitations, but since the >upgrade we often encounter the following exception being thrown when using >the img tag - > >SecurityError: Error #2122: Security sandbox violation: Loader.content: >http://mydomain.com/Client/myapplication.swf cannot access >http://differentdomain.com/image.png. A policy file is required, but the >checkPolicyFile flag was not set when this media was loaded. >at flash.display::Loader/get content() >at >flashx.textLayout.elements::InlineGraphicElement/loadCompleteHandler()[/Us >ers/aharui/git/flex/master/flex-tlf/textLayout/src/flashx/textLayout/eleme >nts/InlineGraphicElement.as:703] > >I tried investigating this and found that in TLF 2.0 a similar issue was >handled in build 203, where it say "Fix 2758185 Unhandled securityerror in >InlineGraphicElement Loader.load call". >This can be found in the following document - >https://svn.apache.org/repos/asf/flex/tlf/branches/3.0/ReleaseNotes.txt It would take some digging to figure out what that fix was. It may not be related to this problem. Your problem is because the code at line 703 of InlineGraphicElement.as looks like this: if(graphic is Loader && Loader(graphic).content !=3D null && Loader(graphic).content.hasOwnProperty("setActualSize") && (!widthIsComputed() || !heightIsComputed()) ) I think it should be: if(graphic is Loader && Loader(graphic).contentLoaderInfo.childAllowsParent && Loader(graphic).content !=3D null && Loader(graphic).content.hasOwnProperty("setActualSize") && (!widthIsComputed() || !heightIsComputed()) ) Maybe you can give that a try (monkey-patch the file) and let us know. -Alex