Skip to main content
A
Anonymous
October 18, 2011
Question

Loading external SWFs into an Adobe AIR application - Best practices??

  • October 18, 2011
  • 1 reply
  • 2421 views

I've recently been slated with a task to port an existing Flash Player-base game to a desktop app for publication on the Steam platform. The Adobe AIR framework seems like a logical choice for distribution, especially given the latest updates in AIR 3. Given the fact that I'm relatively new to flash/flex development, I've read through a fair amount of AIR documentation on the Adobe site in order to gain a better understanding of what the task involves. In general, I think I have a decent idea of what needs to happen, but there are a couple of wrinkles that may affect if/how it is even possible to port to the AIR framework:

  1. The AIR application will need to load the actual game client from an external server due to the quick turnaround time of the client development.
  2. Since the AIR application will be deployed on Steam, I want to use the Captive Runtime bundling that's available in AIR 3.0, i.e. no need for the user to 'OK' a separate AIR installation.
  3. Have minimal impact on code changes within the external SWF as I'm not the primary developer of the game.

My first priority is to figure out the best approach for loading an external game client SWF into an AIR application. Initially, I tried to utilize Loader.load(), but that resulted in the following exception:

SecurityError: Error #2070: Security sandbox violation: caller http://localhost/MyClient.swf cannot access Stage owned by app:/AS3_AIRTest.swf.

          at flash.media::SoundMixer$/set soundTransform()

          at com.company.client.sound::SFXManager$/load()

          at global/client.util::loadEmbeddedSounds()

          at MyClient()

The offending code is:

static public function load():void {

          SoundMixer.soundTransform =

                    new SoundTransform(Client.Settings.PlaySFX ? 1 : 0);

}

Upon hitting this exception, I decided to read up a bit more on the AIR / Flash player security domains. I have a much clearer understanding of why the exception occurred, but I'm still uncertain what the best approach would be to load the SWF and not receive the exception above.

After scouring through numerous posts on various forums, I found that a number of developers use Loader.loadBytes() to bring the SWF into the application sandbox. From an ease of implementation standpoint, I can see why many choose to go that route; however, I'm not inclined to pursue that approach due the potential dangers to user systems in the event that the external server is compromised.

The second approach that I've read about is that I can utilize a sandbox script bridge, and write an interface to grant certain privileges to the external client SWF. I'm hesitant to go this route at the moment because the game client is fairly complex, and I'm not entirely certain how much access it will require of the stage via different flash APIs. I haven't written this approach off as it sounds like it may be the best bet, but it could potentially be a large endeavor and I want to have minimal impact on the client SWF.

The final approach I've read about is by making an HTML AIR application. My understanding (sketchy at best) is that a SWF loaded via HTML (I believe in a frame/iframe) will have its own stage. My line of thinking is that if the HTML app loads a main page, which in turn has an iframe with SWF embed of the game client, then the client SWF will load in a remote security sandbox and have access to its own stage. My hope is that the SWF would behave as it does in the Flash Player.

This leads me to the following questions:

  1. Is my line of thinking correct about the HTML app?
    1. Would the client SWF have access to its own stage and pretty much behave like it does in the Flash Player?
  2. Can HTML-based AIR applications be bundled with the captive runtime in AIR 3.0?
  3. Can I use a traditional flex application with HTMLLoader to accomplish the same goal or does it need to be a full-blown HTML app?
    1. If HTMLLoader can be used, would I need to provide the sandbox script bridge meta tags in the iframe tag?
    2. Is there an Adobe tutorial that outlines how to setup an application such as this that I may have missed?

Any help would be very much appreciated at this point. It seems like there are a number of options available, but I'm not sure which path is the right one to pursue at this point in time.

Thank again.

Josh

This topic has been closed for replies.

1 reply

X
xia_rao
Participating Frequently
October 20, 2011

In my opinion, I think HTML-based AIR applications could be bundled with the captive runtime. And SWF-IN-HTML also have security restrict, you can refer to AIR security domain document.

Actually, the first and second approach is recommanded.

Any other questions I suggest you to open a new bug report on this over at bugbase.adobe.com. Please include sample media, code, project or app to help us reproduce the problem.

Thanks a lot.

A
Anonymous
October 21, 2011

Here my thread from StackOverFlow that offers some additional information, including the signing of the swfs and validation int he AIR app (if one decides to use Loader.loadBytes).

http://stackoverflow.com/questions/7811060/loading-external-swfs-into-an-adobe-air-application-best-practices

Firefly Community Gallery
Adobe Firefly

Remix with Firefly Community Gallery

Thousands of free creations to fall in love with and remix in Firefly.

Explore now
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices