Skip to main content
T
tom_wilson
Participating Frequently
February 3, 2014
Answered

Bitmapdatas dynamically loaded from zip are not trusted locally and thus uneditable

  • February 3, 2014
  • 1 reply
  • 1803 views

This is a very strange problem.

I am using external resources for a game I am making. One of the resources is a zip file containing 100 images (thumbnails). The purpose of this zip is simply that it will make loading these resources much easier, simpler, and as I am storing these resources on Amazon S3, significantly cheaper.

This has been working without a hitch, until I moved and ran the swf in a non-trusted location.

Now, when I try and load the first thumbnail I get this:

Loader/get content()

SecurityError: Error #2148: SWF file file:///C|/Users/Tom/Desktop/Jigsaw.swf cannot access local resource file:///C|/Users/Tom/Desktop/Jigsaw.swf/[[DYNAMIC]]/1. Only local-with-filesystem and trusted local SWF files may access local resources.

This occurs when I try and access Loader.content, which I need to do as some bitmapdatas need to be altered after loading.

I've run into a similar error when originally trying to load external resources and converting them into bitmapDatas. This was fixed using a policy file.

I figured that the policy file was the problem, but then I tried embedding the .zip into the swf instead of loading it externally, like this:

[Embed(source="../res/images/thumbnails.zip", mimeType="application/octet-stream")]

But even that threw up the same error.

What's happening is a byteArray is cleverly being converted into a BitmapData, but in the process it becomes untrusted by Flash.

I cannot find any way of converting this byte.

I've tried using several different as3 zip class packages, but they all fall at the same hurdle.

Here's the essential code:

var zip:FZip = new FZip();

zip.loadBytes(zipData);

var file:FZipFile = zip.getFileByName("image1.jpg");

var loader:Loader = new Loader();

loader.loadBytes(file.content);

root.addChild(loader);

loader.addEventListener("click", function(e) {

          var bd:BitmapData = e.target.content.bitmapData;

          bd.applyFilter(bd, bd.rect, new Point(), new BlurFilter(20, 20, 1));

} );

This is the part that really makes this weird... When I test this, it works fine, when I upload it online, fine. The only time I get the error is when the SWF is being run locally, but in an untrusted location.

Clearly, these security measures are going a bit fudged if it works without a hitch online, but doesn't locally, you'd expect it to be the other way round.

As far as I can tell there is nothing potentially dangerous with my code. It's from a trusted location (policy file is working).

I've found another unfortunate person who came across the same problem but never got an answer:

http://www.actionscript.org/forums/showthread.php3?t=261853

I've tried EVERYTHING. bitmapdatas dynamically loaded from zips are uneditable for no apparent reason.... unless the swf is being opened in a trusted location or anywhere online.

This topic has been closed for replies.
Correct answer kglad

if you want your local files to be trusted, add it to the trusted files setting:  http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html

1 reply

kglad
Community Expert
kgladCommunity ExpertCorrect answer
Community Expert
February 3, 2014

if you want your local files to be trusted, add it to the trusted files setting:  http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html

T
tom_wilsonAuthor
Participating Frequently
February 3, 2014

I have tried this and it works, but it doesn't solve the problem that anybody who plays the game outside of their internet browser will get errors whenever Loader.content is accessed.

I know this is not a massive problem but it still worries me, also it's apparent that this is a flashplayer bug when generating bitmaps from bytearrays. If the bytearray was loaded from a trusted source, then the bytearrays extracted from this bytearray (ie, images from the zip) should also be trusted.

The fact it works online but not locally is what really makes this look like a bug, also look at the error:

cannot access local resource file:///C|/Users/Tom/Desktop/Jigsaw.swf/[[DYNAMIC]]/1. Only local-with-filesystem and trusted local SWF files may access local resources

It isn't a local resource like it suggests, it could be embedded, it doesn't make a difference. It's treated like an external asset when it's not.

I should also mention that the second loader I try and access produces Jigsaw.swf/[[DYNAMIC]]/2 and the next one Jigsaw.swf/[[DYNAMIC]]/3

Conclusion: FLASH IS STUPID.

I hope this is fixable because I really need all these images as 1 file, and they will need to be updated often. A zip makes itself ideal for this purpose.


kglad
Community Expert
kgladCommunity Expert
Community Expert
February 3, 2014

it's not a bug.  you're crossing a security sandbox.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices