SECURITY sandbox workaround needed

Similar Messages

• Need some help with security sandbox stuff asap please

  hey guys... so im trying to do a swfLoader call to a swf on a server from my actionscript on my local machine, when i do that i get the security sandbox violation error.... i tried adding a crossdomain.xml file to the server that has the following code in it
  <cross-domain-policy>
       <site-control permitted-cross-domain-policies="master-only"/>
       <allow-access-from domain="*"/>
       <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
  </cross-domain-policy>
  and in my actionscript on application initialize i do
  initialize="init(); Security.loadPolicyFile('http://myServer.com/crossdomain.xml')"
  i also do
  Security.allowDomain("http://myServer.com");
  any ideas???? oh and i also went to this website http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04a.ht ml and set the always allow trust locations to "/"
  any ideas on how i could possible fix this problem?? ive been trying to get around this problem for the last 2 days!!
  please help!!!!

  Hi,
  Please use policy file logging to check the exact error. This should shed some light on the problem.The procedure is detailed here.
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html
  Nishad

• Need Help figuring out security sandbox issue after changing webhost

  I'm in the process of switching my webhost from 1&1 shared hosting to a dedicated IP address with a smaller company that specializes in Drupal sites and doesn't know much about flash. 
  1&1 is still the Registrar for my domain, but I've 'parked' YourGods.com on the Holistic servers and have 'pointed' my site to the Holistic DomainNameServers instead of the 1&1 servers.
  After doing this, my Flash site (which is based on the Gaia framework) stopped working, and the Flashplayer Debugger, gave me the following errors:
  Error: Failed to load policy file from xmlsocket://127.0.0.1:5800
  Error: Request for resource at xmlsocket://127.0.0.1:5800 by requestor from http://www.yourgods.com/bin/main.swf has failed because the server cannot be reached.
  *** Security Sandbox Violation ***
  Connection to 127.0.0.1:5800 halted - not permitted from http://www.yourgods.com/bin/main.swf
  Someone helping me on another thread thought 127.0.0.1:5800 might mean the problem had to do with my paths and that I was trying to access something on my local computer, as opposed to being a standard cross-domain issue where one server was trying to access files on another, unrelated server.
  Can someone clarify this?
  I Googled 127.0.0.1:5800 and found some stuff about loops between a server and the originating computer but I'm really not sure how to put all of this together.
  Is there a way (with the flash debugger or other software) to step through my actionscript code with periodic breakpoints so I can figure out what line is causing the problem?
  Or a way to figure out if this is a problem between Holistic and my local computer or Holistic and the 1&1 web servers?
  Thanks for any help.

  Thanks Josh.
  I finally tracked this down last night with help from the folks at actionscript.org.  I hadn't deactivated my Debugger which runs off of a desktop AIR application - so the server was trying to reach my localhost to run its trace statements.  Deactivating the Debugger fixed the problem. 

• How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?

  Hi,
  When I tried to access an image on c:\ (on XP), I get the following error:
  *** Security Sandbox Violation ***
  Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
  -- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
  at flash.display::Loader/_load()
  at flash.display::Loader/load()
  It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
  1. Flex comipler setting additional compiler arguments:  -use-network=false
  2. I have added a crossdomain.xml on the source directory with these lines...
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
  However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
  Thanks!.

  How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
  Security.sandboxType has one of the following values:
  remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
  localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
  localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
  localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
  application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
  Any input on how to set it would be greatly appreciated. Thanks!

• Security sandbox violation

  Can someone please help me see what's wrong with this picture?  Why is this security error happening?  Is there something I need to change with my crossdomain.xml file?
  LoadURL loadError [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mysite/mySWF.swf cannot load data from http://mysite.com/scripts/myScript.php."]
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <site-control permitted-cross-domain-policies="master-only" />
  <cross-domain-policy>
  <allow-access-from domain="mysite.com" />
  <allow-access-from domain="www.mysite.com" />
  <allow-access-from domain="*.mysite.com" />
  </cross-domain-policy>

  nevermind, idk why I put the site control node outside of the cross-domain-policy root.

• Security Sandbox violation, opening links in Flash player

  Hi,
  I have a swf content and its content served from a content management server say for eg, http://www9.abc.com into the html file which is served from http://qwww9.abc.com The links embedded in the flash were not working, when these links are clicked I get this error when tried with Flash debugger player.
  *** Security Sandbox Violation ***SecurityDomain 'http://qwww9.abc.com/' tried to access incompatible context 'https://www9.abc.com/sample.swf'
  I had set a crossdomain policy file in a custom location in the content management server for this issue, but with the Flash player 9,0,115,0 this stopped working due to default policy change to "master-only". I will not be able to have this policy file in the root folder of the content management server or have the policy set in the HTTP response header.
  Is there anyother solution for this issue, for having the links work without setting the crossdomain policy file?
  Thanks in advance...

  How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
  Security.sandboxType has one of the following values:
  remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
  localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
  localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
  localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
  application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
  Any input on how to set it would be greatly appreciated. Thanks!

• Security sandbox violation: BitmapData.draw

  Hello,
  I got this error:
  SecurityError: Error #2122: Security sandbox violation: BitmapData.draw: A policy file is required, but the checkPolicyFile flag was not set when this media was loaded. 
  when I try to draw a frame of a movie that is downloading from another server. Crossdomain.xml is set. Another Jpgs are correctly drawn but only a movie causes an error.
  I need to checkPolicyFile but where should I do this? I have no direct access  to Loader to set up LoaderContext(true) ...
  Thanks,
  Michal

  I too would love to know how we can pass in our own LoaderContext to set the security domain. I'm receiving the same error after snapshotting a loaded SWFElement bug/watermark.
  e.g.
  var bug:MediaElement = new SWFElement(new URLResource(url));
  var bugTrait:LoadTrait = bug.getTrait(MediaTraitType.LOAD) as LoadTrait;
  bugTrait.load();

• AIR, Fonts, CS4 and the security sandbox

  I have no idea why embedding fonts in CS4 using library->new font includes every european character EXCEPT polish. You have german, french, spanish, norwegian, but not polish. Well, since embedding a font from Flash is the only way to use bitmap fonts in Flex, I had to create a library of external font files, one SWF per font size and style. Such an SWF exposes several functions, such as returning a ready to use pre-formatted textfield, returning the font name (Such as Tahoma) and the font name you actually need to use (such as Tahoma_13pt_st).
  I thought I'd need an AIR application to parse through all the fonts (and there are quite a few) extract the neccesary data, such as font size, name and so on and generate an XML file, so that I can load fonts at dynamic.
  The first problem I encountered was the security sandbox. A possible solution was to use the loaderInfo.childSandboxBridge. That approach didn't work however, as I was generating plain SWF files from flash CS4. childSandboxBridge is an AIR property, so I had to create an AIR file and try to set the bridge property to a simple number. So I did, but it gave me a
  SecurityError: Error #3206: Caller app:/TahomaBold13.swf cannot set LoaderInfo property childSandboxBridge.
  Weird. Well, I reverted the file to plain CS4 FPL10 SWF and decided to try another approach. I first loaded the SWF as a FileStream, then put the bytes into Loader.loadBytes. That should take care of security. And it did, however it created another problem.
  The font library relies on being able to enumerate the embeded fonts. The SWF's constructor has a function that enumerates all fonts and isolates the font embeded in the SWF, and then extracts it's properties. When launching the SWF by itself, or loading it from another CS4 FPL10 SWF it launches perfectly and enumerates the fonts as it should. However when the SWF is executed from inside AIR, the constructor located in the font file, as well as a function called from the main application upon executing enumerateFonts(false) both give an empty array. Which is quite weird really, as the loaded SWF contains an input TextField with embedded fonts. And I can edit and type stuff in that textfield, even while it's rotated.
  I thought this might be an issue of a different flash player version, but I tried to target AIR 1.5 and flash 9, neither worked and both returned no embeded fonts.
  Here's the entire source of the mxml air app
  <?xml version="1.0" encoding="utf-8"?>
  <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
       <mx:Panel x="0" y="0" width="100%" height="100%" layout="absolute" title="M2C Studio Font Parser Utility">
            <mx:VBox x="0" y="0" width="100%" height="100%" paddingRight="10" paddingLeft="10" paddingTop="10" paddingBottom="0">     
                 <mx:HBox x="10" y="10" width="100%" height="95%">
                      <mx:VBox width="50%" height="100%">
                           <mx:Label text="Select font directory from filelist below"/>
                           <mx:FileSystemTree width="100%" height="50%" id="fileTree"/>
                           <mx:HRule width="100%"/>
                           <mx:Label text="Fonts list"/>
                           <mx:Text width="100%" height="50%" id="fontlist"/>
                      </mx:VBox>
                      <mx:VRule height="100%"/>
                      <mx:VBox width="50%" height="100%">
                           <mx:Label text="XML Output"/>
                           <mx:TextArea width="100%" height="50%" backgroundColor="#ECE9E9"/>
                           <mx:Canvas width="100%" height="50%" id="canv">
                           </mx:Canvas>
                      </mx:VBox>
                 </mx:HBox>
                 <mx:Button label="Generate XML from directory" width="100%" click="handlePress();"/>
            </mx:VBox>
       </mx:Panel>
       <mx:Script>
      <![CDATA[
           import flash.utils.setInterval;
           import com.m2cstudio.archont.utility.fonts.FontLibraryItem;
           import com.m2cstudio.archont.utility.fonts.IFontLibraryItem;
           import mx.accessibility.AlertAccImpl;
               import mx.controls.*;
              import mx.events.*;
              import mx.controls.Alert;
              var rx:RegExp = /^.*\.swf$/;
              function handlePress():void
                   // This also throws an error
                   //Security.allowDomain("*");
                   var file:File = fileTree.selectedItem as File;
                   var aLoad:Array = new Array();                 
                   if(!file)
                        Alert.show("You must select a folder", "Error");
                        return;
                   } else if(!file.isDirectory) {
                        Alert.show("You must select a folder, not a file", "Error");
                        return;
                   var aList:Array = file.getDirectoryListing();
                   for each (var fil:File in aList)
                        if(!fil.isDirectory)
                             if(fil.nativePath.match(rx))
                                  // Is swf
                                  var fs:FileStream = new FileStream();
                                  fs.addEventListener(Event.COMPLETE, handleFileStreamLoaded);
                                  fs.openAsync(fil, FileMode.READ);                       
              function handleFileStreamLoaded(e:Event):void
                   var fs:FileStream = e.target as FileStream;
                   var ld:Loader = new Loader();
                   var lc:LoaderContext = new LoaderContext();
                   var ba:ByteArray = new ByteArray();
                   lc.allowLoadBytesCodeExecution = true;
                   fs.readBytes(ba);
                   fs.close();
                   ld.contentLoaderInfo.addEventListener(Event.COMPLETE, handleLoaded);
                   ld.loadBytes(ba, lc);        
              function handleLoaded(e:Event):void
                      var cnt:FontLibraryItem = e.target.content as FontLibraryItem;
                      cnt.rotation=10; // Rotation, just to be sure it's not using system fonts
                      canv.rawChildren.addChild(cnt);
                      // This doesn't output anything - neither the main app nor the loaded SWF 'see' any embedded fonts, even though the later uses them!
                      for each (var f:Font in Font.enumerateFonts(false))
                           Alert.show(f.fontName, f.fontType);     
                      // This should retrieve the appropriate values but throws an error because the SWF can't grab the Font definition
                      //Alert.show(cnt.getFontName(), cnt.getFontStyle());               
      ]]>
      </mx:Script>
  </mx:WindowedApplication>
  Here's a screen of what it actually looks like when compiled:
  Here's the source of the font library item. Note that the SWF contains only 2 items. A TextField named font with embeded characters and a boolean bt on the first frame.
  package com.m2cstudio.archont.utility.fonts
       import flash.display.MovieClip;
       import flash.text.*;
       public dynamic class FontLibraryItem extends MovieClip implements IFontLibraryItem
            private var txtFont:TextField;
            private var fFont:Font;
            public function FontLibraryItem()
                 super();
                           // Causes an error - see below why
                 //init();
            public function getFontName():String
                 return fFont.fontName;
            public function getFontType():String
                 return fFont.fontType;
            public function getFontStyle():String
                 return fFont.fontStyle;
            public function getBitmapText():Boolean
                 return this.bt;
            public function getBitmapTextSize():uint
                 if(this.bt) {
                      return Number(txtFont.defaultTextFormat.size);
                 } else {
                      return 0;
            public function hasGlyphs(glyphs:String):Boolean
                 return fFont.hasGlyphs(glyphs);
            public function createTextField():TextField
                 var tf:TextField = new TextField();
                 tf.embedFonts = true;
                 tf.defaultTextFormat = (this.font as TextField).defaultTextFormat;
                 return tf;
            public function init():void
                 if(this.font) {
                      txtFont = this.font;
                 } else {
                      throw new Error("Document must contain a textfield named 'font' with the embedded font");
                 var fArr:Array = Font.enumerateFonts(false);
                 if(fArr.length==0) {
                      throw new Error("Document does not contain any embeded fonts.");
                 } else if (fArr.length>1) {
                      throw new Error("Document must contain not more than one embedded font");
                 fFont = fArr[0];
  I'm hoping some AIR specialists will take a look at this. Frankly I'm stumped. Font support in Flash was always black magic, more or less, so I can only hope this is an issue that can be solved.
  Just tell me and I'll provide more source or sceenshots.
  Cheers,
  -archont

  I even tried porting the code to Gumbo and running it there - still, no fonts are being enumerated.
  If you're too lazy to read the whole above post, here's the problem in one sentence
  An SWF that contains a textfield with embedded fonts, when launched by itself succeeds to return the embedded font using Font.enumerateFonts(false), however when loaded using Loader.loadBytes into AIR, it fails to see those fonts even though the textfield in it is displayed and editable.
  How do I make the loaded child application and AIR see the embedded font?

• Flex == Socklet Policy  == Security sandbox violation ?!?!?!?!

  Please help me with this problem. I'v had this problem for
  over a month
  I'm trying to connect to my C# server through my Flex client.
  Flex client in running on IIS (c:/inetpub/wwwroot)
  the policy file in on the root folder of IIS
  <?xml
  version="1.0"?>
  <cross-domain-policy>
  <allow-access-from domain="*" to-ports="*" secure="false"
  />
  </cross-domain-policy>
  1: I tried to use the loadPolicy method before i connect
  through sockets
  Security.loadPolicyFile("h ttp://localhost/crossdomain.xml");
  (space does not exist in real code)
  2: flex sends this message to server side while connecting
  ("<policy-file-request/>") so as soon as i get this message
  on server side i read the policy text from crossdomain.xml and i
  send ti back to the client.
  eventhough i get a security error the client is still able to
  connect to the server and send messages but it cannot receive any
  message
  I get the following security error:
  [SecurityErrorEvent
  type="securityError" bubbles=false cancelable=false eventPhase=2
  text="Error #2048: Security sandbox violation:
  file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
  load data from 10.0.0.3:8000."]Error #2048: Security sandbox
  violation:
  file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
  load data from 10.0.0.3:8000.
  y am i still getting this error???????????
  some people suggested to read the log files: but i followed
  all adobe tutorials to turn os loggin, but couldn't get it to work.
  mm.cfg does not exist, log folder for flash player does not exist,
  log.txt for flash player does not exists.

  Hi,
  In the move from Flash Player 9 to 10, Adobe increased the security constraints on sockets. If you are using sockets to connect to an "un-trusted" server, then you will still need a Cross-Domain Policy file, however that policy file must also be served up through sockets (not through HTTP).
  You will need to run a socket server on the server you are connecting to in order to serve up the appropriate XML document through port 843 (by default). This socket server can be implemented in any number of ways, but I use a Java socket server that Thomas over at LessRain has posted on their blog. You can find it here: http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
  Good luck,
  Taylor
  4Point Solutions Ltd.
  http://blogs.4point.com/taylor.bastien/

• Local-with-networking sandbox. (Security Sandbox Violation)

  Hi
  I am developing an application for Android devices.
  where I am facing Security Sandbox Violation issue. not getting any proper solution plz help..
  I have main.swf (included in apk) on device and main.swf download abc.swf from server and save it to device(app-storage).
  after downloaded, main.swf loads abc.swf in it, abc.swf need to connect to internet to retrieves data from www.example.com
  main.swf is not allowing abc.swf to connect with internet and giving this error..
  *** Security Sandbox Violation ***
  Connection to http://www.example.com/data.xml halted - not permitted from app-storage://abc.swf
  -- Untrusted local SWFs may not contact the Internet.
  SecurityError: Error #2028: Local-with-filesystem SWF file app-storage:/abc.swf cannot access Internet URL http://www.example.com/data.xml.
  I have keep crossdomain.xml on www.example.com/crossdomain.xml
  the xml has these parameter..
  <cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
  </cross-domain-policy>
  plz help what i am doing wrong??

  Thank you for replying
  Yes this is necessary to download the abc.swf to local, because this app can work offline.
  I have tried to load abc.swf direct from server. It’s working properly.
  But as per requirement we need to save them on locally.
  what should I do? plz suggest any better way.
  thanks

• Security sandbox and accessing multiple servers

  I own the domain kitfox.com, and need to have my WebStart application access servlets on my host server. However, I would like to distribute my servlets across many servers so that the load is balanced. I would also like to do this while keeping everything in the security sandbox (ie, I don't want my users altering their permissions).
  If I define several subdomains so that apple.kitfox.com, banana.kitfox.com and cherry.kitfox.com point to three different machines, does this violate the security model?
  Mark McKay
  http://www.kitfox.com

  The sandbox restricts outgoing network connections to just the server the application (or applet) was loaded from. So for your app to be able to access apple.kitfox.com it would need to be loaded from apple.kitfox.com. However, the "same" app when loaded from banana.kitfox.com will register as a different app with WebStart.

• That old chestnut: *** Security Sandbox Violation *** clogging the debug trace

  Hi,
  I am attempting to debug a project for Flash Mobile and getting very irritated by *** Security Sandbox Violation *** warnings whenever I move, touch or interact with the application in any way whatsoever. These typically fire two or three _PAGES_ of warnings for a simple drag operation... Because there are so many of these warnings, the debug trace is effectively redundant and useless unless I actively insert a manual break point immediately after the traces I want to view - fine for a comms operation, not so useful when attempting to debug coordinates for a drag operation.
  The cause, obviously, is that I have loaded external content for display in a SWFLoader component...
  Because I am in AIR for mobile, I cannot access Security to allow the domain and crossdomain from the content provider is ignored or not loaded.
  I have found a number of references to this ranging from very recent to several years ago, such as this one which indicates a) the trace is a bug and b) something was being done about it: http://forums.adobe.com/thread/576999
  I cannot find any reference to a fix ever being implemented and the trace issue is driving me nuts.
  Please, please, please can somebody direct me to a workaround to hide this? I've tried all kinds of disabling for mouse events, keyboard events, mouse children etc.
  Thanks,
  Overwhelmed-in-the-traces of Dublin

  Is it bad form to bump?
  G

• Reader X Security Sandbox - adding exceptions (plugin)

  The "Inside Adobe Reader X protected mode" articles briefly mention that the Sandbox should be programmatically configurable (using AddRule()).
  Also the reader X SDK should contain some sample code for adding rules, but I don't see the example anywhere. Searching the whole SDK for terms like "broker", "sandbox" or "addrule" also doesn't find anything.
  How to configure the security sandbox to allow writing to a specific location in the registry (under HKCU)?
  How to configure the security sandbox to allow writing to a specific directory on the filesystem?

  I've read ur post on your blog and replied to it but i didn't see my reply being posted.
  The issue with us is that whenever we open Adobe Reader our plugin opens "myApp.exe".
  with protected mode on, it gives an exception: shell execute exeception cannot launch "myApp.exe" (something like that)
  and in the protected mode Log on, i can see that we need to use the whitelist policy " process_All_exec"
  using that pointing to our "myApp.exe" this removes the initial error but tries to open "myApp.exe" from C:\Windows\sytem32 which is weird because "myApp.exe" is in programFiles.
  and in your blog i read something dangerous "The general rule seems to be: don’t try to talk to other processes " if so, why do we have process_all_exec ?
  i am kinda turning in looops in all the forums... and no real solution, no samples..

• 2051 Security Sandbox Violation

  I am getting a 2051 Security Sandbox Violation. Any ideas on
  how to fix this?
  Basically I created 4 buttons and (after publishing) when I
  click on them I get this code. Is there something that will work
  other than javascript? I need the button to open a pop-up window.
  My button code:
  bd_btn.addEventListener(MouseEvent.CLICK, buttonClickbd);
  function buttonClickbd(event:MouseEvent):void {
  var jscommand:String = "window.open('
  http://www.axiumae.com/flash/demoBD.swf','win','height=545,width=790,toolbar=no,scrollbars =no');";
  var url:URLRequest = new URLRequest("javascript:" + jscommand + "
  void(0);"); navigateToURL(url, "_blank");

  I am getting a 2051 Security Sandbox Violation. Any ideas on
  how to fix this?
  Basically I created 4 buttons and (after publishing) when I
  click on them I get this code. Is there something that will work
  other than javascript? I need the button to open a pop-up window.
  My button code:
  bd_btn.addEventListener(MouseEvent.CLICK, buttonClickbd);
  function buttonClickbd(event:MouseEvent):void {
  var jscommand:String = "window.open('
  http://www.axiumae.com/flash/demoBD.swf','win','height=545,width=790,toolbar=no,scrollbars =no');";
  var url:URLRequest = new URLRequest("javascript:" + jscommand + "
  void(0);"); navigateToURL(url, "_blank");

• Air app, Rest service, Security sandbox violation

  Hi All,
    I wrote an app a couple of years ago using flex 3 that connects to a number of remote web services and does various things.
  This worked fine.
  Now I have been asked by the customer to update the app as it stopped working at some point.
  I am trying to use the resthttpservice library to do a PUT operation, but I am getting the following error when I try and create a socket to the remote server:
  Error #2048: Security sandbox violation: app:/main.swf cannot load data from http://my.host:8182
  Now, it's been a while since I've done anything with flex so I am rusty. But this error is usually fixed by having a crossdomains.xml file on the remote server. But it was my understanding that this was only required when one's app was running from within the browser and that desktop applications are not effected.
  Can anyone clarify this for me? It seems that there were changes made to the flash player in version 10 that might have changed this.
  I am very puzzled at this point!
  thanks for any help!

  These articles discuss security changes between FP 9 and 10:
  http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
  What is impacted?
  This change can potentially affect any SWF file accessing cross-domain content. This change affects SWF files of all versions played in Flash Player 10 and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
  What do I need to do?
  Read the article: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html