flash.systemImageDecodingPolicy The ImageDecodingPolicy class defines values for the imageDecodingPolicy property of the LoaderContext class.The ImageDecodingPolicy class defines values for the imageDecodingPolicy property of the LoaderContext class. Object The ImageDecodingPolicy class defines values for the imageDecodingPolicy property of the LoaderContext class. ON_DEMAND Specifies that the image being loaded will not be decoded until needed.onDemandString Specifies that the image being loaded will not be decoded until needed. ON_LOAD Specifies that the image will be decoded when it is loaded, before the complete event is sent.onLoadString Specifies that the image will be decoded when it is loaded, before the complete event is sent. SystemUpdaterType The SystemUpdaterType class provides constants for a system update.Object The SystemUpdaterType class provides constants for a system update. These constants are used in the SystemUpdater.update() function.

Note: The SystemUpdater API is supported on desktop platforms.

DRM Updates the DRM module.drmString Updates the DRM module. SYSTEM Updates the player runtime itself.systemString Updates the player runtime itself. IMEConversionMode This class contains constants for use with the IME.conversionMode property.Object This class contains constants for use with the IME.conversionMode property. Setting conversionMode to either ALPHANUMERIC_FULL or JAPANESE_KATAKANA_FULL causes the player to use a full width font, whereas using ALPHANUMERIC_HALF or JAPANESE_KATAKANA_HALF uses a half width font. ALPHANUMERIC_FULL The string "ALPHANUMERIC_FULL", for use with the IME.conversionMode property.ALPHANUMERIC_FULLString The string "ALPHANUMERIC_FULL", for use with the IME.conversionMode property. This constant is used with all IMEs. Use the syntax IMEConversionMode.ALPHANUMERIC_FULL. ALPHANUMERIC_HALF The string "ALPHANUMERIC_HALF", for use with the IME.conversionMode property.ALPHANUMERIC_HALFString The string "ALPHANUMERIC_HALF", for use with the IME.conversionMode property. This constant is used with all IMEs. Use the syntax IMEConversionMode.ALPHANUMERIC_HALF. CHINESE The string "CHINESE", for use with the IME.conversionMode property.CHINESEString The string "CHINESE", for use with the IME.conversionMode property. This constant is used with simplified and traditional Chinese IMEs. Use the syntax IMEConversionMode.CHINESE. JAPANESE_HIRAGANA The string "JAPANESE_HIRAGANA", for use with the IME.conversionMode property.JAPANESE_HIRAGANAString The string "JAPANESE_HIRAGANA", for use with the IME.conversionMode property. This constant is used with Japanese IMEs. Use the syntax IMEConversionMode.JAPANESE_HIRAGANA. JAPANESE_KATAKANA_FULL The string "JAPANESE_KATAKANA_FULL", for use with the IME.conversionMode property.JAPANESE_KATAKANA_FULLString The string "JAPANESE_KATAKANA_FULL", for use with the IME.conversionMode property. This constant is used with Japanese IMEs. Use the syntax IMEConversionMode.JAPANESE_KATAKANA_FULL. JAPANESE_KATAKANA_HALF The string "JAPANESE_KATAKANA_HALF", for use with the IME.conversionMode property.JAPANESE_KATAKANA_HALFString The string "JAPANESE_KATAKANA_HALF", for use with the IME.conversionMode property. This constant is used with Japanese IMEs. Use the syntax IMEConversionMode.JAPANESE_KATAKANA_HALF. KOREAN The string "KOREAN", for use with the IME.conversionMode property.KOREANString The string "KOREAN", for use with the IME.conversionMode property. This constant is used with Korean IMEs. Use the syntax IMEConversionMode.KOREAN. UNKNOWN The string "UNKNOWN", which can be returned by a call to the IME.conversionMode property.UNKNOWNString The string "UNKNOWN", which can be returned by a call to the IME.conversionMode property. This value cannot be set, and is returned only if the player is unable to identify the currently active IME. Use the syntax IMEConversionMode.UNKNOWN. SecurityPanel The SecurityPanel class provides values for specifying which Security Settings panel you want to display.Object The SecurityPanel class provides values for specifying which Security Settings panel you want to display.

This class contains static constants that are used with the Security.showSettings() method. You cannot create new instances of the SecurityPanel class.

The following example shows how a click event on a Sprite object can be used to show the Local Storage Settings panel of the Flash Player Settings. An orange box is added to the stage using draw(). In draw(), a click event listener is added named clickHandler(), which responds to click events by directing Flash Player to open its Local Storage Settings panel. package { import flash.display.Sprite; import flash.text.TextField; import flash.events.*; import flash.system.Security; import flash.system.SecurityPanel; public class SecurityExample extends Sprite { private var bgColor:uint = 0xFFCC00; private var size:uint = 100; public function SecurityExample() { draw(); } private function draw():void { var child:Sprite = new Sprite(); child.graphics.beginFill(bgColor); child.graphics.drawRect(0, 0, size, size); child.graphics.endFill(); child.buttonMode = true; var label:TextField = new TextField(); label.text = "settings"; label.selectable = false; label.mouseEnabled = false; child.addChild(label); child.addEventListener(MouseEvent.CLICK, clickHandler); addChild(child); } private function clickHandler(event:MouseEvent):void { Security.showSettings(SecurityPanel.LOCAL_STORAGE); } } } CAMERA When passed to Security.showSettings(), displays the Camera panel in Flash Player Settings.Security, Security.CAMERA, CAMERA cameraString When passed to Security.showSettings(), displays the Camera panel in Flash Player Settings. DEFAULT When passed to Security.showSettings(), displays the panel that was open the last time the user closed the Flash Player Settings.Security, Security.DEFAULT, DEFAULT defaultString When passed to Security.showSettings(), displays the panel that was open the last time the user closed the Flash Player Settings. DISPLAY When passed to Security.showSettings(), displays the Display panel in Flash Player Settings.Security, Security.DISPLAY, DISPLAY displayString When passed to Security.showSettings(), displays the Display panel in Flash Player Settings. LOCAL_STORAGE When passed to Security.showSettings(), displays the Local Storage Settings panel in Flash Player Settings.Security, Security.LOCAL_STORAGE, LOCAL_STORAGE localStorageString When passed to Security.showSettings(), displays the Local Storage Settings panel in Flash Player Settings. MICROPHONE When passed to Security.showSettings(), displays the Microphone panel in Flash Player Settings.Security, Security.MICROPHONE, MICROPHONE microphoneString When passed to Security.showSettings(), displays the Microphone panel in Flash Player Settings. PRIVACY When passed to Security.showSettings(), displays the Privacy Settings panel in Flash Player Settings.Security, Security.PRIVACY, PRIVACY privacyString When passed to Security.showSettings(), displays the Privacy Settings panel in Flash Player Settings. SETTINGS_MANAGER When passed to Security.showSettings(), displays the Settings Manager (in a separate browser window).Security, Security.SETTINGS_MANAGER, SETTINGS_MANAGER settingsManagerString When passed to Security.showSettings(), displays the Settings Manager (in a separate browser window). TouchscreenType The TouchscreenType class is an enumeration class that provides values for the different types of touch screens.Object The TouchscreenType class is an enumeration class that provides values for the different types of touch screens.

Use the values defined by the TouchscreenType class with the Capabilities.touchscreenType property.

The following example is a simple test that indicates the current state of the "Num Lock" and "Caps Lock" keys as well as the type of keybaord and touch screen type in the running environment. When testing this example, click the text field to see the property values: import flash.events.~~; import flash.display.~~; import flash.ui.Keyboard; import flash.system.Capabilities; import flash.text.TextField; var keyboardInfoTxt:TextField = new TextField(); keyboardInfoTxt.x = 30; keyboardInfoTxt.y = 50; keyboardInfoTxt.width = 300; keyboardInfoTxt.height = 100; keyboardInfoTxt.border = true; addChild(keyboardInfoTxt); addEventListener (MouseEvent.CLICK, getScreenKeyboardType); function getScreenKeyboardType(e:MouseEvent):void{ keyboardInfoTxt.text= "Caps Lock is : " + String(flash.ui.Keyboard.capsLock)+ "\n" + "Num Lock is : " + String(flash.ui.Keyboard.numLock) +"\n" + "Has Virtual Keyboard : " + String(flash.ui.Keyboard.hasVirtualKeyboard) + "\n" + "Physical Keyboard Type : " + flash.ui.Keyboard.physicalKeyboardType + "\n" + "flash.system.Capabilities.touchscreenType is : " + flash.system.Capabilities.touchscreenType; } FINGER A touchscreen designed to respond to finger touches.fingerString A touchscreen designed to respond to finger touches. NONE The computer or device does not have a supported touchscreen.noneString The computer or device does not have a supported touchscreen. STYLUS A touchscreen designed for use with a stylus.stylusString A touchscreen designed for use with a stylus. ApplicationDomain The ApplicationDomain class is a container for discrete groups of class definitions.Security considerations for application domains are discussed in the applicationDomain property entries of URLRequest and LoaderInfo. Object The ApplicationDomain class is a container for discrete groups of class definitions. Application domains are used to partition classes that are in the same security domain. They allow multiple definitions of the same class to exist and allow children to reuse parent definitions.

Application domains are used when an external SWF file is loaded through the Loader class. All ActionScript 3.0 definitions in the loaded SWF file are stored in the application domain, which is specified by the applicationDomain property of the LoaderContext object that you pass as a context parameter of the Loader object's load() or loadBytes() method. The LoaderInfo object also contains an applicationDomain property, which is read-only.

All code in a SWF file is defined to exist in an application domain. The current application domain is where your main application runs. The system domain contains all application domains, including the current domain, which means that it contains all Flash Player classes.

Every application domain, except the system domain, has an associated parent domain. The parent domain of your main application's application domain is the system domain. Loaded classes are defined only when their parent doesn't already define them. You cannot override a loaded class definition with a newer definition.

For usage examples of application domains, see the ActionScript 3.0 Developer's Guide.

The ApplicationDomain() constructor function allows you to create an ApplicationDomain object.

The following example demonstrates runtime class loading as well as how to call public methods of a class that reside in another SWF.

Notes:

Since the ClassLoader class loads a SWF file, local security needs to be at the file system level.
To run this example, you must have a swf file called RuntimeClasses.swf existing in the same folder as the ApplicationDomainExample.swf file.

Begin by creating the RuntimeClasses.swf file from the following code:

package { import flash.display.Sprite; public class RuntimeClasses extends Sprite { public function RuntimeClasses() {} public function greet():String { return("Hello World"); } } }

Then implement the following code:

package { import flash.display.DisplayObject; import flash.display.Sprite; import flash.errors.IllegalOperationError; import flash.events.Event; import flash.text.TextField; public class ApplicationDomainExample extends Sprite { private var loader:ClassLoader; private var tf:TextField = new TextField(); public function ApplicationDomainExample() { addChild(tf); loader = new ClassLoader(); loader.addEventListener(ClassLoader.LOAD_ERROR,loadErrorHandler); loader.addEventListener(ClassLoader.CLASS_LOADED,classLoadedHandler); loader.load("RuntimeClasses.swf"); } private function loadErrorHandler(e:Event):void { tf.text = "Load failed"; throw new IllegalOperationError("Cannot load the specified file."); } private function classLoadedHandler(e:Event):void { var runtimeClassRef:Class = loader.getClass("RuntimeClasses"); var greeter:Object = new runtimeClassRef(); tf.text = greeter.greet(); } } } import flash.display.Loader; import flash.errors.IllegalOperationError; import flash.events.Event; import flash.events.EventDispatcher; import flash.events.IOErrorEvent; import flash.events.SecurityErrorEvent; import flash.net.URLRequest; import flash.system.ApplicationDomain; import flash.system.LoaderContext; class ClassLoader extends EventDispatcher { public static var CLASS_LOADED:String = "classLoaded"; public static var LOAD_ERROR:String = "loadError"; private var loader:Loader; private var swfLib:String; private var request:URLRequest; private var loadedClass:Class; public function ClassLoader() { loader = new Loader(); loader.contentLoaderInfo.addEventListener(Event.COMPLETE,completeHandler); loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR,ioErrorHandler); loader.contentLoaderInfo.addEventListener(SecurityErrorEvent.SECURITY_ERROR,securityErrorHandler); } public function load(lib:String):void { swfLib = lib; request = new URLRequest(swfLib); var context:LoaderContext = new LoaderContext(); context.applicationDomain=ApplicationDomain.currentDomain; loader.load(request,context); } public function getClass(className:String):Class { try { return loader.contentLoaderInfo.applicationDomain.getDefinition(className) as Class; } catch (e:Error) { throw new IllegalOperationError(className + " definition not found in " + swfLib); } return null; } private function completeHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.CLASS_LOADED)); } private function ioErrorHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.LOAD_ERROR)); } private function securityErrorHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.LOAD_ERROR)); } } If multiple SWF files contain compiled classes with the same name but provide different implementation, you can partition the classes of externally loaded SWF files separate from the classes of each other following this example. Previously, the child SWF was instructed to use ApplicationDomain.currentDomain. In this case, a new ApplicationDomain is created, so that then the properties and methods of the Greeter class of whichever SWF loads second will not replace the properties and methods of the first Greeter class. You can test this by modifying the context.applicationDomain property in the load method of ClassLoader.

Notes:

Since the ClassLoader class loads a SWF file, local security needs to be at the file system level.
To run this example, you must have two SWF files called Greeter.swf existing in an "en" and "es" folder respectively.

Create a Greeter.as file in the "en" directory with the following code:

package { import flash.display.Sprite; public class Greeter extends Sprite { public function Greeter() { } public function greet():String { return("Good Morning"); } } }

Then create a very similar Greeter.as file in the "es" directory:

package { import flash.display.Sprite; public class Greeter extends Sprite { public function Greeter() { } public function greet():String { return("Buenos Dias"); } } }

Compile SWF files for both and then implement the following code:

package { import flash.display.DisplayObject; import flash.display.Sprite; import flash.errors.IllegalOperationError; import flash.events.Event; import flash.text.TextField; import flash.text.TextFieldAutoSize; public class ApplicationDomainExample2 extends Sprite { private var spanishGreeterLoader:ClassLoader; private var englishGreeterLoader:ClassLoader; private var tf:TextField = new TextField(); private var greetersLoaded:uint = 0; public function ApplicationDomainExample2() { tf.autoSize = TextFieldAutoSize.LEFT; addChild(tf); spanishGreeterLoader = new ClassLoader(); spanishGreeterLoader.addEventListener(ClassLoader.LOAD_ERROR,loadErrorHandler); spanishGreeterLoader.addEventListener(ClassLoader.CLASS_LOADED,classLoadedHandler); spanishGreeterLoader.load("es/Greeter.swf"); englishGreeterLoader = new ClassLoader(); englishGreeterLoader.addEventListener(ClassLoader.LOAD_ERROR,loadErrorHandler); englishGreeterLoader.addEventListener(ClassLoader.CLASS_LOADED,classLoadedHandler); englishGreeterLoader.load("en/Greeter.swf"); } private function loadErrorHandler(e:Event):void { tf.text = "Load failed"; throw new IllegalOperationError("Cannot load the specified file."); } private function classLoadedHandler(e:Event):void { greetersLoaded++; if(greetersLoaded == 2) { greet(); } } private function greet():void { var spanishGreeter:Class = spanishGreeterLoader.getClass("Greeter"); var englishGreeter:Class = englishGreeterLoader.getClass("Greeter"); var greeter1 = new spanishGreeter(); var greeter2 = new englishGreeter(); tf.text = greeter1.greet() + "\n" + greeter2.greet(); } } } import flash.display.Loader; import flash.errors.IllegalOperationError; import flash.events.Event; import flash.events.EventDispatcher; import flash.events.IOErrorEvent; import flash.events.SecurityErrorEvent; import flash.net.URLRequest; import flash.system.ApplicationDomain; import flash.system.LoaderContext; class ClassLoader extends EventDispatcher { public static var CLASS_LOADED:String = "classLoaded"; public static var LOAD_ERROR:String = "loadError"; private var loader:Loader; private var swfLib:String; private var request:URLRequest; private var loadedClass:Class; public function ClassLoader() { loader = new Loader(); loader.contentLoaderInfo.addEventListener(Event.COMPLETE,completeHandler); loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR,ioErrorHandler); loader.contentLoaderInfo.addEventListener(SecurityErrorEvent.SECURITY_ERROR,securityErrorHandler); } public function load(lib:String):void { swfLib = lib; request = new URLRequest(swfLib); var context:LoaderContext = new LoaderContext(); // context.applicationDomain = ApplicationDomain.currentDomain; context.applicationDomain = new ApplicationDomain(); loader.load(request,context); } public function getClass(className:String):Class { try { return loader.contentLoaderInfo.applicationDomain.getDefinition(className) as Class; } catch (e:Error) { throw new IllegalOperationError(className + " definition not found in " + swfLib); } return null; } private function completeHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.CLASS_LOADED)); } private function ioErrorHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.LOAD_ERROR)); } private function securityErrorHandler(e:Event):void { dispatchEvent(new Event(ClassLoader.LOAD_ERROR)); } } ApplicationDomain Creates a new application domain.parentDomainflash.system:ApplicationDomainnullIf no parent domain is passed in, this application domain takes the system domain as its parent. Creates a new application domain. getDefinition Gets a public definition from the specified application domain.throws SecurityError The definition belongs to a domain to which the calling code does not have access. No public definition exists with the specified name. ReferenceErrorReferenceErrorThe object associated with the definition. ObjectnameStringThe name of the definition. Gets a public definition from the specified application domain. The definition can be that of a class, a namespace, or a function. hasDefinition Checks to see if a public definition exists within the specified application domain.A value of true if the specified definition exists; otherwise, false. BooleannameStringThe name of the definition. Checks to see if a public definition exists within the specified application domain. The definition can be that of a class, a namespace, or a function. MIN_DOMAIN_MEMORY_LENGTH Gets the minimum memory object length required to be used as ApplicationDomain.domainMemory.uint Gets the minimum memory object length required to be used as ApplicationDomain.domainMemory. currentDomain Gets the current application domain in which your code is executing.Question: Do you call System.currentDomain? or Loader.currentDomain or request.currentDomain? flash.system:ApplicationDomain Gets the current application domain in which your code is executing. domainMemory Gets and sets the object on which domain-global memory operations will operate within this ApplicationDomain.flash.utils:ByteArray Gets and sets the object on which domain-global memory operations will operate within this ApplicationDomain. parentDomain Gets the parent domain of this application domain.flash.system:ApplicationDomain Gets the parent domain of this application domain. Security The Security class lets you specify how content in different domains can communicate with each other.Security, XMLNode object, built-in class Object The Security class lets you specify how content in different domains can communicate with each other. The following example shows how a click event on a Sprite object can be used to show the Local Storage Settings panel of the Flash Player Settings. An orange box is added to the stage using draw(). In draw(), a click event listener is added named clickHandler(), which responds to click events by directing Flash Player to open its Local Storage Settings panel. package { import flash.display.Sprite; import flash.text.TextField; import flash.events.*; import flash.system.Security; import flash.system.SecurityPanel; public class SecurityExample extends Sprite { private var bgColor:uint = 0xFFCC00; private var size:uint = 100; public function SecurityExample() { draw(); } private function draw():void { var child:Sprite = new Sprite(); child.graphics.beginFill(bgColor); child.graphics.drawRect(0, 0, size, size); child.graphics.endFill(); child.buttonMode = true; var label:TextField = new TextField(); label.text = "settings"; label.selectable = false; label.mouseEnabled = false; child.addChild(label); child.addEventListener(MouseEvent.CLICK, clickHandler); addChild(child); } private function clickHandler(event:MouseEvent):void { Security.showSettings(SecurityPanel.LOCAL_STORAGE); } } } allowDomain Lets SWF files in the identified domains access objects and variables in the SWF file that contains the allowDomain() call.Security, Security.allowDomain, allowDomain Calling this method from code in the AIR application security sandbox throws a SecurityError exception. Content outside of the application security sandbox cannot cross-script content in the application security sandbox. SecurityErrorSecurityErrordomainsOne or more strings or URLRequest objects that name the domains from which you want to allow access. You can specify the special domain "~~" to allow access from all domains.

In Flash Professional, specifying "~~" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using Access Network Only for the Local Playback Security option in the Flash authoring tool.

Note: The wildcard value does not work for subdomains. For example, you cannot use ~~.foo.com for the domains parameter. While you can specify a subdomain with a wild card value for a cross domain policy file (as in ~~.foo.com), you can't use a wildcard value that way for the allowDomain() method.

Lets SWF files and HTML files access objects and variables in the calling SWF file. Lets SWF files in the identified domains access objects and variables in the SWF file that contains the allowDomain() call.

Note: Calling this method from code in the AIR application sandbox throws a SecurityError exception. Content outside of the application security domain cannot directly cross-script content in the application sandbox. However, content outside of the application sandbox can communicate with content in the application security sandbox using a sandbox bridge.

If two SWF files are served from the same domain — for example, http://mysite.com/swfA.swf and http://mysite.com/swfB.swf — then swfA.swf can examine and modify variables, objects, properties, methods, and so on in swfB.swf, and swfB.swf can do the same for swfA.swf. This is called cross-movie scripting or cross-scripting.

If two SWF files are served from different domains — for example, http://siteA.com/swfA.swf and http://siteB.com/siteB.swf — then, by default, Flash Player does not allow swfA.swf to script swfB.swf, nor swfB.swf to script swfA.swf. A SWF file gives permission to SWF files from other domains by calling Security.allowDomain(). This is called cross-domain scripting. By calling Security.allowDomain("siteA.com"), siteB.swf gives siteA.swf permission to script it.

In any cross-domain situation, it is important to be clear about the two parties involved. For the purposes of this discussion, the side performing the cross-scripting is called the accessing party (usually the accessing SWF), and the other side is called the party being accessed (usually the SWF file being accessed). When siteA.swf scripts siteB.swf, siteA.swf is the accessing party, and siteB.swf is the party being accessed.

Cross-domain permissions that are established with allowDomain() are asymmetrical. In the previous example, siteA.swf can script siteB.swf, but siteB.swf cannot script siteA.swf, because siteA.swf has not called allowDomain() to give SWF files at siteB.com permission to script it. You can set up symmetrical permissions by having both SWF files call allowDomain().

In addition to protecting SWF files from cross-domain scripting originated by other SWF files, Flash Player protects SWF files from cross-domain scripting originated by HTML files. HTML-to-SWF scripting can occur with older browser functions such as SetVariable or callbacks established through ExternalInterface.addCallback(). When HTML-to-SWF scripting crosses domains, the SWF file being accessed must call allowDomain(), just as when the accessing party is a SWF file, or the operation will fail.

Specifying an IP address as a parameter to allowDomain() does not permit access by all parties that originate at the specified IP address. Instead, it permits access only by a party that contains the specified IP address it its URL, rather than a domain name that maps to that IP address.

Version-specific differences

Flash Player's cross-domain security rules have evolved from version to version. The following table summarizes the differences.

Latest SWF version involved in cross-scriptingallowDomain() needed?allowInsecureDomain() needed?Which SWF file must call allowDomain() or allowInsecureDomain()?What can be specified in allowDomain() or allowInsecureDomain()?5 or earlierNoNoN/AN/A6Yes, if superdomains don't matchNoThe SWF file being accessed, or any SWF file with the same superdomain as the SWF file being accessed

Text-based domain (mysite.com)
IP address (192.168.1.1)

7Yes, if domains don't match exactlyYes, if performing HTTP-to-HTTPS access (even if domains match exactly)The SWF file being accessed, or any SWF file with exactly the same domain as the SWF file being accessed

Text-based domain (mysite.com)
IP address (192.168.1.1)

8 or laterYes, if domains don't match exactlyYes, if performing HTTP-to-HTTPS access (even if domains match exactly)SWF file being accessed

Text-based domain (mysite.com)
IP address (192.168.1.1)
Wildcard (~~)

The versions that control the behavior of Flash Player are SWF versions (the published version of a SWF file), not the version of Flash Player itself. For example, when Flash Player 8 is playing a SWF file published for version 7, it applies behavior that is consistent with version 7. This practice ensures that player upgrades do not change the behavior of Security.allowDomain() in deployed SWF files.

The version column in the previous table shows the latest SWF version involved in a cross-scripting operation. Flash Player determines its behavior according to either the accessing SWF file's version or the version of the SWF file that is being accessed, whichever is later.

The following paragraphs provide more detail about Flash Player security changes involving Security.allowDomain().

Version 5. There are no cross-domain scripting restrictions.

Version 6. Cross-domain scripting security is introduced. By default, Flash Player forbids cross-domain scripting; Security.allowDomain() can permit it. To determine whether two files are in the same domain, Flash Player uses each file's superdomain, which is the exact host name from the file's URL, minus the first segment, down to a minimum of two segments. For example, the superdomain of www.mysite.com is mysite.com. SWF files from www.mysite.com and store.mysite.com to script each other without a call to Security.allowDomain().

Version 7. Superdomain matching is changed to exact domain matching. Two files are permitted to script each other only if the host names in their URLs are identical; otherwise, a call to Security.allowDomain() is required. By default, files loaded from non-HTTPS URLs are no longer permitted to script files loaded from HTTPS URLs, even if the files are loaded from exactly the same domain. This restriction helps protect HTTPS files, because a non-HTTPS file is vulnerable to modification during download, and a maliciously modified non-HTTPS file could corrupt an HTTPS file, which is otherwise immune to such tampering. Security.allowInsecureDomain() is introduced to allow HTTPS SWF files that are being accessed to voluntarily disable this restriction, but the use of Security.allowInsecureDomain() is discouraged.

Version 8. There are two major areas of change:

Calling Security.allowDomain() now permits cross-scripting operations only if the SWF file being accessed is the SWF file that called Security.allowDomain(). In other words, a SWF file that calls Security.allowDomain() now permits access only to itself. In previous versions, calling Security.allowDomain() permitted cross-scripting operations where the SWF file being accessed could be any SWF file in the same domain as the SWF file that called Security.allowDomain(). Calling Security.allowDomain() previously opened up the entire domain of the calling SWF file.
Support has been added for wildcard values with Security.allowDomain("~~") and Security.allowInsecureDomain("~~"). The wildcard (~~) value permits cross-scripting operations where the accessing file is any file at all, loaded from anywhere. Think of the wildcard as a global permission. Wildcard permissions are required to enable certain kinds of operations under the local file security rules. Specifically, for a local SWF file with network-access permissions to script a SWF file on the Internet, the Internet SWF file being accessed must call Security.allowDomain("~~"), reflecting that the origin of a local SWF file is unknown. (If the Internet SWF file is loaded from an HTTPS URL, the Internet SWF file must instead call Security.allowInsecureDomain("~~").)

Occasionally, you may encounter the following situation: You load a child SWF file from a different domain and want to allow the child SWF file to script the parent SWF file, but you don't know the final domain of the child SWF file. This can happen, for example, when you use load-balancing redirects or third-party servers.

In this situation, you can use the url property of the URLRequest object that you pass to Loader.load(). For example, if you load a child SWF file into a parent SWF, you can access the contentLoaderInfo property of the Loader object for the parent SWF:

Security.allowDomain(loader.contentLoaderInfo.url)

Make sure that you wait until the child SWF file begins loading to get the correct value of the url property. To determine when the child SWF has begun loading, use the progress event.

The opposite situation can also occur; that is, you might create a child SWF file that wants to allow its parent to script it, but doesn't know what the domain of its parent will be. In this situation, you can access the loaderInfo property of the display object that is the SWF's root object. In the child SWF, call Security.allowDomain( this.root.loaderInfo.loaderURL). You don't have to wait for the parent SWF file to load; the parent will already be loaded by the time the child loads.

If you are publishing for Flash Player 8 or later, you can also handle these situations by calling Security.allowDomain("~~"). However, this can sometimes be a dangerous shortcut, because it allows the calling SWF file to be accessed by any other SWF file from any domain. It is usually safer to use the _url property.

For more information related to security, see the Flash Player Developer Center Topic: Security.

allowInsecureDomain Lets SWF files and HTML files in the identified domains access objects and variables in the calling SWF file, which is hosted by means of the HTTPS protocol.Security, Security.allowInsecureDomain, allowInsecureDomain Calling this method from code in the AIR application security sandbox causes a SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script content in the application security sandbox. SecurityErrorSecurityErrordomainsOne or more strings or URLRequest objects that name the domains from which you want to allow access. You can specify the special domain "~~" to allow access from all domains.

Specifying "~~" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using the Access Network Only option for the Local Playback Security setting (File > Publish Settings > Flash tab) in the Flash authoring tool.

Lets SWF and HTML files hosted using the HTTPS protocol, access objects and variables in the calling SWF file. Lets SWF files and HTML files in the identified domains access objects and variables in the calling SWF file, which is hosted by means of the HTTPS protocol.

Flash Player provides allowInsecureDomain() to maximize flexibility, but calling this method is not recommended. Serving a file over HTTPS provides several protections for you and your users, and calling allowInsecureDomain weakens one of those protections.

This method works in the same way as Security.allowDomain(), but it also permits operations in which the accessing party is loaded with a non-HTTPS protocol, and the party being accessed is loaded with HTTPS. In Flash Player 7 and later, non-HTTPS files are not allowed to script HTTPS files. The allowInsecureDomain() method lifts this restriction when the HTTPS SWF file being accessed uses it.

Use allowInsecureDomain() only to enable scripting from non-HTTPS files to HTTPS files. Use it to enable scripting when the accessing non-HTTPS file and the HTTPS file being accessed are served from the same domain, for example, if a SWF file at http://mysite.com wants to script a SWF file at https://mysite.com. Do not use this method to enable scripting between non-HTTPS files, between HTTPS files, or from HTTPS files to non-HTTPS files. For those situations, use allowDomain() instead.

The following scenario illustrates how allowInsecureDomain() can compromise security, if it is not used with careful consideration.

Note that the following information is only one possible scenario, designed to help you understand allowInsecureDomain() through a real-world example of cross-scripting. It does not cover all issues with security architecture and should be used for background information only. The Flash Player Developer Center contains extensive information on Flash Player and security. For more information, see the Flash Player Developer Center Topic Security.

Suppose you are building an e-commerce site that consists of two components: a catalog, which does not need to be secure, because it contains only public information; and a shopping cart/checkout component, which must be secure to protect users' financial and personal information. Suppose you are considering serving the catalog from http://mysite.com/catalog.swf and the cart from https://mysite.com/cart.swf. One requirement for your site is that a third party should not be able to steal your users' credit card numbers by taking advantage of a weakness in your security architecture.

Suppose that a middle-party attacker intervenes between your server and your users, attempting to steal the credit card numbers that your users enter into your shopping cart application. A middle party might, for example, be an unscrupulous ISP used by some of your users, or a malicious administrator at a user's workplace — anyone who has the ability to view or alter network packets transmitted over the public Internet between your users and your servers. This situation is not uncommon.

If cart.swf uses HTTPS to transmit credit card information to your servers, then the middle-party attacker can't directly steal this information from network packets, because the HTTPS transmission is encrypted. However, the attacker can use a different technique: altering the contents of one of your SWF files as it is delivered to the user, replacing your SWF file with an altered version that transmits the user's information to a different server, owned by the attacker.

The HTTPS protocol, among other things, prevents this "modification" attack from working, because, in addition to being encrypted, HTTPS transmissions are tamper-resistant. If a middle-party attacker alters a packet, the receiving side detects the alteration and discards the packet. So the attacker in this situation can't alter cart.swf, because it is delivered over HTTPS.

However, suppose that you want to allow buttons in catalog.swf, served over HTTP, to add items to the shopping cart in cart.swf, served over HTTPS. To accomplish this, cart.swf calls allowInsecureDomain(), which allows catalog.swf to script cart.swf. This action has an unintended consequence: Now the attacker can alter catalog.swf as it is initially being downloaded by the user, because catalog.swf is delivered with HTTP and is not tamper-resistant. The attacker's altered catalog.swf can now script cart.swf, because cart.swf contains a call to allowInsecureDomain(). The altered catalog.swf file can use ActionScript to access the variables in cart.swf, thus reading the user's credit card information and other sensitive data. The altered catalog.swf can then send this data to an attacker's server.

Obviously, this implementation is not desired, but you still want to allow cross-scripting between the two SWF files on your site. Here are two possible ways to redesign this hypothetical e-commerce site to avoid allowInsecureDomain():

Serve all SWF files in the application over HTTPS. This is by far the simplest and most reliable solution. In the scenario described, you would serve both catalog.swf and cart.swf over HTTPS. You might experience slightly higher bandwidth consumption and server CPU load when switching a file such as catalog.swf from HTTP to HTTPS, and your users might experience slightly longer application load times. You need to experiment with real servers to determine the severity of these effects; usually they are no worse than 10-20% each, and sometimes they are not present at all. You can usually improve results by using HTTPS-accelerating hardware or software on your servers. A major benefit of serving all cooperating SWF files over HTTPS is that you can use an HTTPS URL as the main URL in the user's browser without generating any mixed-content warnings from the browser. Also, the browser's padlock icon becomes visible, providing your users with a common and trusted indicator of security.
Use HTTPS-to-HTTP scripting, rather than HTTP-to-HTTPS scripting. In the scenario described, you could store the contents of the user's shopping cart in catalog.swf, and have cart.swf manage only the checkout process. At checkout time, cart.swf could retrieve the cart contents from ActionScript variables in catalog.swf. The restriction on HTTP-to-HTTPS scripting is asymmetrical; although an HTTP-delivered catalog.swf file cannot safely be allowed to script an HTTPS-delivered cart.swf file, an HTTPS cart.swf file can script the HTTP catalog.swf file. This approach is more delicate than the all-HTTPS approach; you must be careful not to trust any SWF file delivered over HTTP, because of its vulnerability to tampering. For example, when cart.swf retrieves the ActionScript variable that describes the cart contents, the ActionScript code in cart.swf cannot trust that the value of this variable is in the format that you expect. You must verify that the cart contents do not contain invalid data that might lead cart.swf to take an undesired action. You must also accept the risk that a middle party, by altering catalog.swf, could supply valid but inaccurate data to cart.swf; for example, by placing items in the user's cart. The usual checkout process mitigates this risk somewhat by displaying the cart contents and total cost for final approval by the user, but the risk remains present.

Web browsers have enforced separation between HTTPS and non-HTTPS files for years, and the scenario described illustrates one good reason for this restriction. Flash Player gives you the ability to work around this security restriction when you absolutely must, but be sure to consider the consequences carefully before doing so.

For more information related to security, see the Flash Player Developer Center Topic: Security.

loadPolicyFile Looks for a policy file at the location specified by the url parameter.urlStringThe URL location of the policy file to be loaded. Looks for a policy file at the location specified by the url parameter. Looks for a policy file at the location specified by the url parameter. Adobe AIR and Flash Player use policy files to determine whether to permit applications to load data from servers other than their own. Note that even though the method name is loadPolicyFile(), the file isn't actually loaded until a network request that requires a policy file is made.

With Security.loadPolicyFile(), Flash Player or AIR can load policy files from arbitrary locations, as shown in the following example:

Security.loadPolicyFile("http://www.example.com/sub/dir/pf.xml");

This causes Flash Player or AIR to attempt to retrieve a policy file from the specified URL. Any permissions granted by the policy file at that location will apply to all content at the same level or lower in the virtual directory hierarchy of the server.

For example, following the previous code, these lines do not throw an exception:

import flash.net.~~; var request:URLRequest = new URLRequest("http://www.example.com/sub/dir/vars.txt"); var loader:URLLoader = new URLLoader(); loader.load(request); var loader2:URLLoader = new URLLoader(); var request2:URLRequest = new URLRequest("http://www.example.com/sub/dir/deep/vars2.txt"); loader2.load(request2);

However, the following code does throw a security exception:

import flash.net.~~; var request3:URLRequest = new URLRequest("http://www.example.com/elsewhere/vars3.txt"); var loader3:URLLoader = new URLLoader(); loader3.load(request3);

You can use loadPolicyFile() to load any number of policy files. When considering a request that requires a policy file, Flash Player or AIR always waits for the completion of any policy file downloads before denying a request. As a final fallback, if no policy file specified with loadPolicyFile() authorizes a request, Flash Player or AIR consults the original default locations.

When checking for a master policy file, Flash Player waits three seconds for a server response. If a response isn't received, Flash Player assumes that no master policy file exists. However, there is no default timeout value for calls to loadPolicyFile(); Flash Player assumes that the file being called exists, and waits as long as necessary to load it. Therefore, if you want to make sure that a master policy file is loaded, use loadPolicyFile() to call it explicitly.

You cannot connect to commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the ActionScript 3.0 Developer's Guide.

Using the xmlsocket protocol along with a specific port number lets you retrieve policy files directly from an XMLSocket server, as shown in the following example. Socket connections are not subject to the reserved port restriction described above.

Security.loadPolicyFile("xmlsocket://foo.com:414");

This causes Flash Player or AIR to attempt to retrieve a policy file from the specified host and port. Upon establishing a connection with the specified port, Flash Player or AIR transmits <policy-file-request />, terminated by a null byte. The server must send a null byte to terminate a policy file, and may thereafter close the connection; if the server does not close the connection, Flash Player or AIR does so upon receiving the terminating null byte.

You can prevent a SWF file from using this method by setting the allowNetworking parameter of the object and embed tags in the HTML page that contains the SWF content.

For more information related to security, see the Flash Player Developer Center Topic: Security.

showSettings Displays the Security Settings panel in Flash Player.Security, Security.showSettings(), showSettings() panelStringdefaultA value from the SecurityPanel class that specifies which Security Settings panel you want to display. If you omit this parameter, SecurityPanel.DEFAULT is used. Displays the Security Settings panel in Flash Player. This method does not apply to content in Adobe AIR; calling it in an AIR application has no effect. APPLICATION The file is running in an AIR application, and it was installed with the package (the AIR file) for that application.applicationString The file is running in an AIR application, and it was installed with the package (the AIR file) for that application. This content is included in the AIR application resource directory (where the application content is installed). LOCAL_TRUSTED The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. localTrustedString The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet. LOCAL_WITH_FILE The file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. localWithFileString The file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. In Adobe AIR, the local file is not in the application resource directory; such files are put in the application security sandbox. The file may read from local data sources but may not communicate with the Internet. LOCAL_WITH_NETWORK The file is a local file, has not been trusted by the user, and it is a SWF file that was published with a networking designation. localWithNetworkString The file is a local file, has not been trusted by the user, and it is a SWF file that was published with a networking designation. The file can communicate with the Internet but cannot read from local data sources. REMOTE The file is from an Internet URL and operates under domain-based sandbox rules. remoteString The file is from an Internet URL and operates under domain-based sandbox rules. exactSettings Determines how Flash Player or AIR chooses the domain to use for certain content settings, including settings for camera and microphone permissions, storage quotas, and storage of persistent shared objects.Security, Security.exactSettings, exactSettings BooleanA Flash Player or AIR application already used the value of exactSettings at least once in a decision about player settings. SecurityErrorSecurityError Determines how Flash Player or AIR chooses the domain to use for certain content settings, including settings for camera and microphone permissions, storage quotas, and storage of persistent shared objects. To have the SWF file use the same settings that were used in Flash Player 6, set exactSettings to false.

In Flash Player 6, the domain used for these player settings was based on the trailing portion of the domain of the SWF file. If the domain of a SWF file includes more than two segments, such as www.example.com, the first segment of the domain ("www") is removed, and the remaining portion of the domain is used: example.com. So, in Flash Player 6, www.example.com and store.example.com both use example.com as the domain for these settings. Similarly, www.example.co.uk and store.example.co.uk both use example.co.uk as the domain for these settings. In Flash Player 7 and later, player settings are chosen by default according to a SWF file's exact domain; for example, a SWF file from www.example.com would use the player settings for www.example.com, and a SWF file from store.example.com would use the separate player settings for store.example.com.

When Security.exactSettings is set to true, Flash Player or AIR uses exact domains for player settings. The default value for exactSettings is true. If you change exactSettings from its default value, do so before any events occur that require Flash Player or AIR to choose player settings — for example, using a camera or microphone, or retrieving a persistent shared object.

If you previously published a version 6 SWF file and created persistent shared objects from it, and you now need to retrieve those persistent shared objects from that SWF file after porting it to version 7 or later, or from a different SWF file of version 7 or later, set Security.exactSettings to false before calling SharedObject.getLocal().

pageDomain Get the page domain containing the swf.String Get the page domain containing the swf. For security reasons, the method does not return the full URL, only the page domain, such as http://www.example.com. sandboxType Indicates the type of security sandbox in which the calling file is operating.String Indicates the type of security sandbox in which the calling file is operating.

Security.sandboxType has one of the following values:

remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.

For more information related to security, see the Flash Player Developer Center Topic: Security.

LoaderContext The LoaderContext class provides options for loading SWF files and other media by using the Loader class.Object The LoaderContext class provides options for loading SWF files and other media by using the Loader class. The LoaderContext class is used as the context parameter in the load() and loadBytes() methods of the Loader class.

When loading SWF files with the Loader.load() method, you have two decisions to make: into which security domain the loaded SWF file should be placed, and into which application domain within that security domain? For more details on these choices, see the applicationDomain and securityDomain properties.

When loading a SWF file with the Loader.loadBytes() method, you have the same application domain choice to make as for Loader.load(), but it's not necessary to specify a security domain, because Loader.loadBytes() always places its loaded SWF file into the security domain of the loading SWF file.

When loading images (JPEG, GIF, or PNG) instead of SWF files, there is no need to specify a SecurityDomain or an application domain, because those concepts are meaningful only for SWF files. Instead, you have only one decision to make: do you need programmatic access to the pixels of the loaded image? If so, see the checkPolicyFile property. If you want to apply deblocking when loading an image, use the JPEGLoaderContext class instead of the LoaderContext class.

LoaderContext Creates a new LoaderContext object, with the specified settings.checkPolicyFileBooleanfalseSpecifies whether a check should be made for the existence of a URL policy file before loading the object. applicationDomainflash.system:ApplicationDomainnullSpecifies the ApplicationDomain object to use for a Loader object. securityDomainflash.system:SecurityDomainnullSpecifies the SecurityDomain object to use for a Loader object.

Note: Content in the air application security sandbox cannot load content from other sandboxes into its SecurityDomain.

Creates a new LoaderContext object, with the specified settings. For complete details on these settings, see the descriptions of the properties of this class. allowCodeImport Specifies whether you can use a Loader object to import content with executable code, such as a SWF file, into the caller's security sandbox.Boolean Specifies whether you can use a Loader object to import content with executable code, such as a SWF file, into the caller's security sandbox. There are two affected importing operations: the Loader.loadBytes() method, and the Loader.load() method with LoaderContext.securityDomain = SecurityDomain.currentDomain. (The latter operation is not supported in the AIR application sandbox.) With the allowCodeImport property set to false, these importing operations are restricted to safe operations, such as loading images. Normal, non-importing SWF file loading with the Loader.load() method is not affected by the value of this property.

This property is useful when you want to import image content into your sandbox - for example, when you want to replicate or process an image from a different domain - but you don't want to take the security risk of receiving a SWF file when you expected only an image file. Since SWF files may contain ActionScript code, importing a SWF file is a much riskier operation than importing an image file.

In AIR content in the application sandbox, the default value is false. In non-application content (which includes all content in Flash Player), the default value is true.

The allowCodeImport property was added in Flash Player 10.1 and AIR 2.0. However, this property is made available to SWF files and AIR applications of all versions when the Flash Runtime supports it.

applicationDomain Specifies the application domain to use for the Loader.load() or Loader.loadBytes() method.nullflash.system:ApplicationDomain Specifies the application domain to use for the Loader.load() or Loader.loadBytes() method. Use this property only when loading a SWF file written in ActionScript 3.0 (not an image or a SWF file written in ActionScript 1.0 or ActionScript 2.0).

Every security domain is divided into one or more application domains, represented by ApplicationDomain objects. Application domains are not for security purposes; they are for managing cooperating units of ActionScript code. If you are loading a SWF file from another domain, and allowing it to be placed in a separate security domain, then you cannot control the choice of application domain into which the loaded SWF file is placed; and if you have specified a choice of application domain, it will be ignored. However, if you are loading a SWF file into your own security domain — either because the SWF file comes from your own domain, or because you are importing it into your security domain — then you can control the choice of application domain for the loaded SWF file.

You can pass an application domain only from your own security domain in LoaderContext.applicationDomain. Attempting to pass an application domain from any other security domain results in a SecurityError exception.

You have four choices for what kind of ApplicationDomain property to use:

Child of loader's ApplicationDomain. The default. You can explicitly represent this choice with the syntax new ApplicationDomain(ApplicationDomain.currentDomain). This allows the loaded SWF file to use the parent's classes directly, for example by writing new MyClassDefinedInParent(). The parent, however, cannot use this syntax; if the parent wishes to use the child's classes, it must call ApplicationDomain.getDefinition() to retrieve them. The advantage of this choice is that, if the child defines a class with the same name as a class already defined by the parent, no error results; the child simply inherits the parent's definition of that class, and the child's conflicting definition goes unused unless either child or parent calls the ApplicationDomain.getDefinition() method to retrieve it.
Loader's own ApplicationDomain. You use this application domain when using ApplicationDomain.currentDomain. When the load is complete, parent and child can use each other's classes directly. If the child attempts to define a class with the same name as a class already defined by the parent, the parent class is used and the child class is ignored.
Child of the system ApplicationDomain. You use this application domain when using new ApplicationDomain(null). This separates loader and loadee entirely, allowing them to define separate versions of classes with the same name without conflict or overshadowing. The only way either side sees the other's classes is by calling the ApplicationDomain.getDefinition() method.
Child of some other ApplicationDomain. Occasionally you may have a more complex ApplicationDomain hierarchy. You can load a SWF file into any ApplicationDomain from your own SecurityDomain. For example, new ApplicationDomain(ApplicationDomain.currentDomain.parentDomain.parentDomain) loads a SWF file into a new child of the current domain's parent's parent.

When a load is complete, either side (loading or loaded) may need to find its own ApplicationDomain, or the other side's ApplicationDomain, for the purpose of calling ApplicationDomain.getDefinition(). Either side can retrieve a reference to its own application domain by using ApplicationDomain.currentDomain. The loading SWF file can retrieve a reference to the loaded SWF file's ApplicationDomain via Loader.contentLoaderInfo.applicationDomain. If the loaded SWF file knows how it was loaded, it can find its way to the loading SWF file's ApplicationDomain object. For example, if the child was loaded in the default way, it can find the loading SWF file's application domain by using ApplicationDomain.currentDomain.parentDomain.

For more information, see the "ApplicationDomain class" section of the "Client System Environment" chapter of the ActionScript 3.0 Developer's Guide.

checkPolicyFile Specifies whether the application should attempt to download a URL policy file from the loaded object's server before beginning to load the object itself.falseBoolean Specifies whether the application should attempt to download a URL policy file from the loaded object's server before beginning to load the object itself. This flag is applicable to the Loader.load() method, but not to the Loader.loadBytes() method.

Set this flag to true when you are loading an image (JPEG, GIF, or PNG) from outside the calling SWF file's own domain, and you expect to need access to the content of that image from ActionScript. Examples of accessing image content include referencing the Loader.content property to obtain a Bitmap object, and calling the BitmapData.draw() method to obtain a copy of the loaded image's pixels. If you attempt one of these operations without having specified checkPolicyFile at loading time, you may get a SecurityError exception because the needed policy file has not been downloaded yet.

When you call the Loader.load() method with LoaderContext.checkPolicyFile set to true, the application does not begin downloading the specified object in URLRequest.url until it has either successfully downloaded a relevant URL policy file or discovered that no such policy file exists. Flash Player or AIR first considers policy files that have already been downloaded, then attempts to download any pending policy files specified in calls to the Security.loadPolicyFile() method, then attempts to download a policy file from the default location that corresponds to URLRequest.url, which is /crossdomain.xml on the same server as URLRequest.url. In all cases, the given policy file is required to exist at URLRequest.url by virtue of the policy file's location, and the file must permit access by virtue of one or more <allow-access-from> tags.

If you set checkPolicyFile to true, the main download that specified in the Loader.load() method does not load until the policy file has been completely processed. Therefore, as long as the policy file that you need exists, as soon as you have received any ProgressEvent.PROGRESS or Event.COMPLETE events from the contentLoaderInfo property of your Loader object, the policy file download is complete, and you can safely begin performing operations that require the policy file.

If you set checkPolicyFile to true, and no relevant policy file is found, you will not receive any error indication until you attempt an operation that throws a SecurityError exception. However, once the LoaderInfo object dispatches a ProgressEvent.PROGRESS or Event.COMPLETE event, you can test whether a relevant policy file was found by checking the value of the LoaderInfo.childAllowsParent property.

If you will not need pixel-level access to the image that you are loading, you should not set the checkPolicyFile property to true. Checking for a policy file in this case is wasteful, because it may delay the start of your download, and it may consume network bandwidth unnecessarily.

Also try to avoid setting checkPolicyFile to true if you are using the Loader.load() method to download a SWF file. This is because SWF-to-SWF permissions are not controlled by policy files, but rather by the Security.allowDomain() method, and thus checkPolicyFile has no effect when you load a SWF file. Checking for a policy file in this case is wasteful, because it may delay the download of the SWF file, and it may consume network bandwidth unnecessarily. (Flash Player or AIR cannot tell whether your main download will be a SWF file or an image, because the policy file download occurs before the main download.)

Be careful with checkPolicyFile if you are downloading an object from a URL that may use server-side HTTP redirects. Policy files are always retrieved from the corresponding initial URL that you specify in URLRequest.url. If the final object comes from a different URL because of HTTP redirects, then the initially downloaded policy files might not be applicable to the object's final URL, which is the URL that matters in security decisions. If you find yourself in this situation, you can examine the value of LoaderInfo.url after you have received a ProgressEvent.PROGRESS or Event.COMPLETE event, which tells you the object's final URL. Then call the Security.loadPolicyFile() method with a policy file URL based on the object's final URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true.

You do not need to set this property for AIR content running in the application sandbox. Content in the AIR application sandbox can call the BitmapData.draw() method using any loaded image content as the source.

imageDecodingPolicy Specifies whether to decode image data when it is used or when it is loaded.String Specifies whether to decode image data when it is used or when it is loaded.

Under the default policy, ImageDecodingPolicy.ON_DEMAND, the runtime decodes the image data when the data is needed for display or other purpose. This policy maintains the decoding behavior used by previous versions of the runtime.

Under the ImageDecodingPolicy.ON_LOAD policy, the runtime decodes the image immediately after it is loaded and before dispatching the complete event. Decoding images on load rather than on demand can improve animation and UI performance when several loaded images are displayed in quick succession, such as in a scrolling list or a cover flow control. On the other hand, using the onLoad policy indiscriminately can increase the peak memory usage of your application since more decoded image data might be in memory at one time than would be the case under the onDemand policy.

Under both policies, the runtime uses the same cache and flush behavior after the image is decoded. The runtime can flush the decoded data at any time and re-decode the image the next time it is required.

parameters An Object containing the parameters to pass to the LoaderInfo object of the content.Object An Object containing the parameters to pass to the LoaderInfo object of the content.

Normally, the value of the contentLoaderInfo.parameters property is obtained by parsing the requesting URL. If the parameters var is set, the contentLoaderInfo.parameters gets its value from the LoaderContext object, instead of from the requesting URL. The parameters var accepts only objects containing name-value string pairs, similar to URL parameters. If the object does not contain name-value string pairs, an IllegalOperationError is thrown.

The intent of this API is to enable the loading SWF file to forward its parameters to a loaded SWF file. This functionality is especially helpful when you use the loadBytes() method, since LoadBytes does not provide a means of passing parameters through the URL. Parameters can be forwarded successfully only to another AS3 SWF file; an AS1 or AS2 SWF file cannot receive the parameters in an accessible form, although the AVM1Movie's AS3 loaderInfo.parameters object will be the forwarded object.

For example, consider the following URL:

http://yourdomain/users/jdoe/test01/child.swf?foo=bar;

The following code uses the LoaderContext.parameters property to replicate a parameter passed to this URL:

      import flash.system.LoaderContext; 
      import flash.display.Loader; 
      var l:Loader = new Loader(); 
      var lc:LoaderContext = new LoaderContext; 
      lc.parameters = { "foo": "bar" }; 
      l.load(new URLRequest("child.swf"), lc);

To verify that the parameter passed properly, use the following trace statement after you run this code:

trace(loaderInfo.parameters.foo);

If the content loaded successfully, this trace prints "bar".

requestedContentParent The parent to which the Loader will attempt to add the loaded content.flash.display:DisplayObjectContainer The parent to which the Loader will attempt to add the loaded content.

When content is completely loaded, the Loader object normally becomes the parent of the content. If requestedContentParent is set, the object that it specifies becomes the parent, unless a runtime error prevents the assignment. This reparenting can also be done after the complete event without use of this property. However, specifying the parent with LoaderContext.requestedContentParent eliminates extra events.

LoaderContext.requestedContentParent sets the desired parent before frame one scripts in the loaded content execute, but after the constructor has run. If requestedContentParent is null (the default), the Loader object becomes the content's parent.

If the loaded content is an AVM1Movie object, or if an error is thrown when addChild() is called on the requestedContentParent object, then the following actions occur:

The Loader object becomes the parent of the loaded content.
The runtime dispatches an AsyncErrorEvent.

If the requested parent and the loaded content are in different security sandboxes, and if the requested parent does not have access to the loaded content, then the following actions occur:

The Loader becomes the parent of the loaded content.
The runtime dispatches a SecurityErrorEvent.

The following code uses requestedContentParent to place the loaded content into a Sprite object:

      import flash.system.LoaderContext; 
      import flash.display.Loader; 
      import flash.display.Sprite; 
     
      var lc:LoaderContext = new LoaderContext(); 
      var l:Loader = new Loader(); 
      var s:Sprite = new Sprite(); 
      lc.requestedContentParent = s; 
      addChild(s); 
      l.load(new URLRequest("child.swf"), lc);

When this code runs, the child SWF file appears on stage. This fact confirms that the Sprite object you added to the stage is the parent of the loaded child.swf file.

securityDomain Specifies the security domain to use for a Loader.load() operation.nullflash.system:SecurityDomain Specifies the security domain to use for a Loader.load() operation. Use this property only when loading a SWF file (not an image).

The choice of security domain is meaningful only if you are loading a SWF file that might come from a different domain (a different server) than the loading SWF file. When you load a SWF file from your own domain, it is always placed into your security domain. But when you load a SWF file from a different domain, you have two options. You can allow the loaded SWF file to be placed in its "natural" security domain, which is different from that of the loading SWF file; this is the default. The other option is to specify that you want to place the loaded SWF file placed into the same security domain as the loading SWF file, by setting myLoaderContext.securityDomain to be equal to SecurityDomain.currentDomain. This is called import loading, and it is equivalent, for security purposes, to copying the loaded SWF file to your own server and loading it from there. In order for import loading to succeed, the loaded SWF file's server must have a policy file trusting the domain of the loading SWF file.

You can pass your own security domain only in LoaderContext.securityDomain. Attempting to pass any other security domain results in a SecurityError exception.

Content in the AIR application security sandbox cannot load content from other sandboxes into its SecurityDomain.

For more information, see the "Security" chapter in the ActionScript 3.0 Developer's Guide.

allowLoadBytesCodeExecution Legacy property, replaced by allowCodeImport, but still supported for compatibility.Boolean Legacy property, replaced by allowCodeImport, but still supported for compatibility. Previously, the only operation affected by allowLoadBytesCodeExecution was the Loader.loadBytes() method, but as of Flash Player 10.1 and AIR 2.0, the import-loading operation of Loader.load() with LoaderContext.securityDomain = SecurityDomain.currentDomain is affected as well. (The latter operation is not supported in the AIR application sandbox.) This dual effect made the property name allowLoadBytesCodeExecution overly specific, so now allowCodeImport is the preferred property name. Setting either of allowCodeImport or allowLoadBytesCodeExecution will affect the value of both.

Specifies whether you can use a Loader object to import content with executable code, such as a SWF file, into the caller's security sandbox. With this property set to false, these importing operations are restricted to safe operations, such as loading images.

In AIR content in the application sandbox, the default value is false. In non-application content, the default value is true.

JPEGLoaderContext The JPEGLoaderContext class includes a property for enabling a deblocking filter when loading a JPEG image.flash.system:LoaderContext The JPEGLoaderContext class includes a property for enabling a deblocking filter when loading a JPEG image. The deblocking filter improves an image's quality at higher compression settings by smoothing neighboring pixels. To apply deblocking when loading a JPEG image, create a JPEGLoaderContext object, and set its deblockingFilter property. Then use the JPEGLoaderContext object name as the value of the context parameter of the load() method of the Loader object used to load the image.

The JPEGLoaderContext class extends the LoaderContext class. Set the checkPolicyFile property to true if you need programmatic access to the pixels of the loaded image (for example, if you're using the BitmapData.draw() method). Setting the checkPolicyFile property is not necessary for AIR content running in the application sandbox.

JPEGLoaderContext Creates a new JPEGLoaderContext object with the specified settings.deblockingFilterNumber0.0Specifies the strength of the deblocking filter. A value of 1.0 applies a full strength deblocking filter, a value of 0.0 disables the deblocking filter. checkPolicyFileBooleanfalseSpecifies whether Flash Player should check for the existence of a URL policy file before loading the object. Does not apply for AIR content running in the application sandbox. applicationDomainflash.system:ApplicationDomainnullSpecifies the ApplicationDomain object to use for a Loader object. securityDomainflash.system:SecurityDomainnullSpecifies the SecurityDomain object to use for a Loader object. Creates a new JPEGLoaderContext object with the specified settings. deblockingFilter Specifies the strength of the deblocking filter.0.0Number Specifies the strength of the deblocking filter. A value of 1.0 applies a full strength deblocking filter, a value of 0.0 disables the deblocking filter. Capabilities The Capabilities class provides properties that describe the system and runtime that are hosting the application.Capabilities, Capabilities object, built-in class Object The Capabilities class provides properties that describe the system and runtime that are hosting the application. For example, a mobile phone's screen might be 100 square pixels, black and white, whereas a PC screen might be 1000 square pixels, color. By using the Capabilities class to determine what capabilities the client has, you can provide appropriate content to as many users as possible. When you know the device's capabilities, you can tell the server to send the appropriate SWF files or tell the SWF file to alter its presentation.

However, some capabilities of Adobe AIR are not listed as properties in the Capabilities class. They are properties of other classes:

PropertyDescriptionNativeApplication.supportsDockIconWhether the operating system supports application doc icons.NativeApplication.supportsMenuWhether the operating system supports a global application menu bar.NativeApplication.supportsSystemTrayIconWhether the operating system supports system tray icons.NativeWindow.supportsMenuWhether the operating system supports window menus.NativeWindow.supportsTransparencyWhether the operating system supports transparent windows.

Do not use Capabilities.os or Capabilities.manufacturer to determine a capability based on the operating system. Basing a capability on the operating system is a bad idea, since it can lead to problems if an application does not consider all potential target operating systems. Instead, use the property corresponding to the capability for which you are testing.

You can send capabilities information, which is stored in the Capabilities.serverString property as a URL-encoded string, using the GET or POST HTTP method. The following example shows a server string for a computer that has MP3 support and 1600 x 1200 pixel resolution and that is running Windows XP with an input method editor (IME) installed:

A=t&SA=t&SV=t&EV=t&MP3=t&AE=t&VE=t&ACC=f&PR=t&SP=t&
     SB=f&DEB=t&V=WIN%209%2C0%2C0%2C0&M=Adobe%20Windows&
     R=1600x1200&DP=72&COL=color&AR=1.0&OS=Windows%20XP&
     L=en&PT=External&AVD=f&LFD=f&WD=f&IME=t

The following table lists the properties of the Capabilities class and corresponding server strings: Capabilities class propertyServer stringavHardwareDisableAVDhasAccessibilityACChasAudioAhasAudioEncoderAEhasEmbeddedVideoEVhasIMEIMEhasMP3MP3hasPrintingPRhasScreenBroadcastSBhasScreenPlaybackSPhasStreamingAudioSAhasStreamingVideoSVhasTLSTLShasVideoEncoderVEisDebuggerDEBlanguageLlocalFileReadDisableLFDmanufacturerMmaxLevelIDCMLosOSpixelAspectRatioARplayerTypePTscreenColorCOLscreenDPIDPscreenResolutionXRscreenResolutionYRversionV

There is also a WD server string that specifies whether windowless mode is disabled. Windowless mode can be disabled in Flash Player due to incompatibility with the web browser or to a user setting in the mms.cfg file. There is no corresponding Capabilities property.

All properties of the Capabilities class are read-only.

The following example outputs the values found in the flash.system.Capabilities object. First, it outputs the values into a text field. Then, it outputs the values using several calls to trace(). package { import flash.display.Sprite; import flash.system.Capabilities; import flash.text.TextField; import flash.text.TextFieldAutoSize; public class CapabilitiesExample extends Sprite { public function CapabilitiesExample() { showCapabilities(); } private function showCapabilities():void { var tf:TextField = new TextField(); tf.height = 600; tf.width = 400; tf.autoSize = TextFieldAutoSize.LEFT; tf.wordWrap = true; tf.text = "avHardwareDisable: " + Capabilities.avHardwareDisable + "\nhasAccessibility: " + Capabilities.hasAccessibility + "\nhasAudio: " + Capabilities.hasAudio + "\nhasAudioEncoder: " + Capabilities.hasAudioEncoder + "\nhasEmbeddedVideo: " + Capabilities.hasEmbeddedVideo + "\nhasIME: " + Capabilities.hasIME + "\nhasMP3: " + Capabilities.hasMP3 + "\nhasPrinting: " + Capabilities.hasPrinting + "\nhasScreenBroadcast: " + Capabilities.hasScreenBroadcast + "\nhasScreenPlayback: " + Capabilities.hasScreenPlayback + "\nhasStreamingAudio: " + Capabilities.hasStreamingAudio + "\nhasStreamingVideo: " + Capabilities.hasStreamingVideo + "\nhasTLS: " + Capabilities.hasTLS + "\nhasVideoEncoder: " + Capabilities.hasVideoEncoder + "\nisDebugger: " + Capabilities.isDebugger + "\nisEmbeddedInAcrobat: " + Capabilities.isEmbeddedInAcrobat + "\nlanguage: " + Capabilities.language + "\nlocalFileReadDisable: " + Capabilities.localFileReadDisable + "\nmanufacturer: " + Capabilities.manufacturer + "\nmaxLevelIDC: " + Capabilities.maxLevelIDC + "\nos: " + Capabilities.os + "\npixelAspectRatio: " + Capabilities.pixelAspectRatio + "\nplayerType: " + Capabilities.playerType + "\nscreenColor: " + Capabilities.screenColor + "\nscreenDPI: " + Capabilities.screenDPI + "\nscreenResolutionX: " + Capabilities.screenResolutionX + "\nscreenResolutionY: " + Capabilities.screenResolutionY + "\nserverString: " + Capabilities.serverString + "\ntouchscreenType: " + Capabilities.touchscreenType + // The following capabilities are supported only when publishing for AIR. // If you are publishing for AIR, uncomment the following lines. //"\nlanguages: " + Capabilities.languages + //"\ncpuArchitecture: " + Capabilities.cpuArchitecture + //"\nsupports32BitProcesses: " + Capabilities.supports32BitProcesses + //"\nsupports64BitProcesses: " + Capabilities.supports64BitProcesses + "\nversion: " + Capabilities.version; addChild(tf); trace("avHardwareDisable: " + Capabilities.avHardwareDisable); trace("hasAccessibility: " + Capabilities.hasAccessibility); trace("hasAudio: " + Capabilities.hasAudio); trace("hasAudioEncoder: " + Capabilities.hasAudioEncoder); trace("hasEmbeddedVideo: " + Capabilities.hasEmbeddedVideo); trace("hasIME: " + Capabilities.hasIME); trace("hasMP3: " + Capabilities.hasMP3); trace("hasPrinting: " + Capabilities.hasPrinting); trace("hasScreenBroadcast: " + Capabilities.hasScreenBroadcast); trace("hasScreenPlayback: " + Capabilities.hasScreenPlayback); trace("hasStreamingAudio: " + Capabilities.hasStreamingAudio); trace("hasStreamingVideo: " + Capabilities.hasStreamingVideo); trace("hasTLS: " + Capabilities.hasTLS); trace("hasVideoEncoder: " + Capabilities.hasVideoEncoder); trace("isDebugger: " + Capabilities.isDebugger); trace("isEmbeddedInAcrobat: " + Capabilities.isEmbeddedInAcrobat); trace("language: " + Capabilities.language); trace("localFileReadDisable: " + Capabilities.localFileReadDisable); trace("manufacturer: " + Capabilities.manufacturer); trace("maxLevelIDC: " + Capabilities.maxLevelIDC); trace("os: " + Capabilities.os); trace("pixelAspectRatio: " + Capabilities.pixelAspectRatio); trace("playerType: " + Capabilities.playerType); trace("screenColor: " + Capabilities.screenColor); trace("screenDPI: " + Capabilities.screenDPI); trace("screenResolutionX: " + Capabilities.screenResolutionX); trace("screenResolutionY: " + Capabilities.screenResolutionY); trace("serverString: " + Capabilities.serverString); trace("touchscreenType: " + Capabilities.touchscreenType); // The following capabilities are supported only when publishing for AIR. // If you are publishing for AIR, uncomment the following lines. //trace("cpuArchitecture: " + Capabilities.cpuArchitecture); //trace("languages: " + Capabilities.languages); //trace("supports32BitProcesses: " + Capabilities.supports32BitProcesses); //trace("supports64BitProcesses: " + Capabilities.supports64BitProcesses); trace("version: " + Capabilities.version); } } } avHardwareDisable Specifies whether access to the user's camera and microphone has been administratively prohibited (true) or allowed (false).Capabilities, Capabilities.avHardwareDisable, avHardwareDisable Boolean Specifies whether access to the user's camera and microphone has been administratively prohibited (true) or allowed (false). The server string is AVD.

For content in Adobe AIR™, this property applies only to content in security sandboxes other than the application security sandbox. Content in the application security sandbox can always access the user's camera and microphone.

cpuArchitecture Specifies the current CPU architecture.The following example traces the value of this read-only property:

	 trace(Capabilities.cpuArchitecture);

String Specifies the current CPU architecture. The cpuArchitecture property can return the following strings: "PowerPC", "x86", "SPARC", and "ARM". The server string is ARCH. hasAccessibility Specifies whether the system supports (true) or does not support (false) communication with accessibility aids.Capabilities, Capabilities.hasAccessibility, hasAccessibility, accessibility Boolean Specifies whether the system supports (true) or does not support (false) communication with accessibility aids. The server string is ACC. hasAudioEncoder Specifies whether the system can (true) or cannot (false) encode an audio stream, such as that coming from a microphone.Capabilities, Capabilities.hasAudioEncoder, hasAudioEncoder Boolean Specifies whether the system can (true) or cannot (false) encode an audio stream, such as that coming from a microphone. The server string is AE. hasAudio Specifies whether the system has audio capabilities.Capabilities, Capabilities.hasAudio, hasAudio Boolean Specifies whether the system has audio capabilities. This property is always true. The server string is A. hasEmbeddedVideo Specifies whether the system supports (true) or does not support (false) embedded video.Capabilities, Capabilities.hasEmbeddedVideo, hasEmbeddedVideo, video Boolean Specifies whether the system supports (true) or does not support (false) embedded video. The server string is EV. hasIME Specifies whether the system does (true) or does not (false) have an input method editor (IME) installed.Capabilities, Capabilities.hasIME, hasIME, IME Boolean Specifies whether the system does (true) or does not (false) have an input method editor (IME) installed. The server string is IME. hasMP3 Specifies whether the system does (true) or does not (false) have an MP3 decoder.Capabilities, Capabilities.hasMP3, hasMP3, MP3, audio Boolean Specifies whether the system does (true) or does not (false) have an MP3 decoder. The server string is MP3. hasPrinting Specifies whether the system does (true) or does not (false) support printing.Capabilities, Capabilities.hasPrinting, hasPrinting, printing Boolean Specifies whether the system does (true) or does not (false) support printing. The server string is PR. hasScreenBroadcast Specifies whether the system does (true) or does not (false) support the development of screen broadcast applications to be run through Flash Media Server.Capabilities, Capabilities.hasScreenBroadcast, hasScreenBroadcast Boolean Specifies whether the system does (true) or does not (false) support the development of screen broadcast applications to be run through Flash Media Server. The server string is SB. hasScreenPlayback Specifies whether the system does (true) or does not (false) support the playback of screen broadcast applications that are being run through Flash Media Server.Capabilities, Capabilities.hasScreenPlayback, hasScreenPlayback Boolean Specifies whether the system does (true) or does not (false) support the playback of screen broadcast applications that are being run through Flash Media Server. The server string is SP. hasStreamingAudio Specifies whether the system can (true) or cannot (false) play streaming audio.Capabilities, Capabilities.hasStreamingAudio, hasStreamingAudio, audio Boolean Specifies whether the system can (true) or cannot (false) play streaming audio. The server string is SA. hasStreamingVideo Specifies whether the system can (true) or cannot (false) play streaming video.Capabilities, Capabilities.hasStreamingVideo, hasStreamingVideo, video Boolean Specifies whether the system can (true) or cannot (false) play streaming video. The server string is SV. hasTLS Specifies whether the system supports native SSL sockets through NetConnection (true) or does not (false).Capabilities, Capabilities.hasTLS, hasTLS, TLS Boolean Specifies whether the system supports native SSL sockets through NetConnection (true) or does not (false). The server string is TLS. hasVideoEncoder Specifies whether the system can (true) or cannot (false) encode a video stream, such as that coming from a web camera.Capabilities, Capabilities.hasVideoEncoder, hasVideoEncoder Boolean Specifies whether the system can (true) or cannot (false) encode a video stream, such as that coming from a web camera. The server string is VE. isDebugger Specifies whether the system is a special debugging version (true) or an officially released version (false).Capabilities, Capabilities.isDebugger, isDebugger, debugging Boolean Specifies whether the system is a special debugging version (true) or an officially released version (false). The server string is DEB. This property is set to true when running in the debug version of Flash Player or the AIR Debug Launcher (ADL). isEmbeddedInAcrobat Specifies whether the Flash runtime is embedded in a PDF file that is open in Acrobat 9.0 or higher (true) or not (false).Capabilities, Capabilities.isEmbeddedInAcrobat, isEmbeddedInAcrobat, Acrobat Boolean Specifies whether the Flash runtime is embedded in a PDF file that is open in Acrobat 9.0 or higher (true) or not (false). languages An array of strings that contain information about the user's preferred user interface languages, as set through the operating system.Array An array of strings that contain information about the user's preferred user interface languages, as set through the operating system. The strings will contain language tags (and script and region information, where applicable) defined by RFC4646 (http://www.ietf.org/rfc/rfc4646.txt) and will use dashes as a delimiter (for example, "en-US" or "ja-JP"). Languages are listed in the array in the order of preference, as determined by the operating system settings.

Operating systems differ in region information returned in locale strings. One operating system may return "en-us", whereas another may return "en".

The first entry in the returned array generally has the same primary language ID as the Capabilities.language property. For example, if Capabilities.languages[0] is set to "en-US", then the language property is set to "en". However, if the Capabilities.language property is set to "xu" (specifying an unknown language), the first element in this array will be different. For this reason, Capabilities.languages[0] can be more accurate than Capabilities.language.

The server string is LS.

language Specifies the language code of the system on which the content is running.Capabilities, Capabilities.language, language String Specifies the language code of the system on which the content is running. The language is specified as a lowercase two-letter language code from ISO 639-1. For Chinese, an additional uppercase two-letter country code from ISO 3166 distinguishes between Simplified and Traditional Chinese. The languages codes are based on the English names of the language: for example, hu specifies Hungarian.

On English systems, this property returns only the language code (en), not the country code. On Microsoft Windows systems, this property returns the user interface (UI) language, which refers to the language used for all menus, dialog boxes, error messages, and help files. The following table lists the possible values: LanguageValueCzechcsDanishdaDutchnlEnglishenFinnishfiFrenchfrGermandeHungarianhuItalianitJapanesejaKoreankoNorwegiannoOther/unknownxuPolishplPortugueseptRussianruSimplified Chinesezh-CNSpanishesSwedishsvTraditional Chinesezh-TWTurkishtr

Note: The value of Capabilities.language property is limited to the possible values on this list. Because of this limitation, Adobe AIR applications should use the first element in the Capabilities.languages array to determine the primary user interface language for the system.

The server string is L.

In the following example, the content that is displayed depends on the language of the user's operating system.

The Capabilities.language property returns the ISO 639-1 language code (for example, "en" for English). The switch statement checks for the language code and sets the content of the myTextField text field to a greeting specific to the language. If the language code is not supported by the example, the default error string is returned.

package { import flash.display.Sprite; import flash.text.TextField; import flash.text.TextFieldAutoSize; import flash.system.Capabilities; public class Capabilities_languageExample extends Sprite { public function Capabilities_languageExample() { var myTextField:TextField = new TextField(); myTextField.x = 10; myTextField.y = 10; myTextField.background = true; myTextField.autoSize = TextFieldAutoSize.LEFT; var greetingEnglish:String = "Hello World"; var greetingGerman:String = "Hallo Welt"; var greetingFrench:String = "Bonjour Monde"; var greetingSpanish:String = "Hola Mundo"; var lang:String = Capabilities.language; switch (lang) { case "en": myTextField.text = greetingEnglish; break; case "de": myTextField.text = greetingGerman; break; case "fr": myTextField.text = greetingFrench; break; case "es": myTextField.text = greetingSpanish; break; default: myTextField.text = "Sorry your system's language is not supported at this time."; } this.addChild(myTextField); } } } localFileReadDisable Specifies whether read access to the user's hard disk has been administratively prohibited (true) or allowed (false).Capabilities, Capabilities.localFileReadDisable, localFileReadDisable Boolean Specifies whether read access to the user's hard disk has been administratively prohibited (true) or allowed (false). For content in Adobe AIR, this property applies only to content in security sandboxes other than the application security sandbox. (Content in the application security sandbox can always read from the file system.) If this property is true, Flash Player cannot read files (including the first file that Flash Player launches with) from the user's hard disk. If this property is true, AIR content outside of the application security sandbox cannot read files from the user's hard disk. For example, attempts to read a file on the user's hard disk using load methods will fail if this property is set to true.

Reading runtime shared libraries is also blocked if this property is set to true, but reading local shared objects is allowed without regard to the value of this property.

The server string is LFD.

manufacturer Specifies the manufacturer of the running version of Flash Player or the AIR runtime, in the format "Adobe OSName".Capabilities, Capabilities.manufacturer, manufacturer String Specifies the manufacturer of the running version of Flash Player or the AIR runtime, in the format "Adobe OSName". The value for OSName could be "Windows", "Macintosh", "Linux", or another operating system name. The server string is M.

Do not use Capabilities.manufacturer to determine a capability based on the operating system if a more specific capability property exists. Basing a capability on the operating system is a bad idea, since it can lead to problems if an application does not consider all potential target operating systems. Instead, use the property corresponding to the capability for which you are testing. For more information, see the Capabilities class description.

maxLevelIDC Retrieves the highest H.264 Level IDC that the client hardware supports.Capabilities, Capabilities.maxLevelIDC, maxLevelIDC String Retrieves the highest H.264 Level IDC that the client hardware supports. Media run at this level are guaranteed to run; however, media run at the highest level might not run with the highest quality. This property is useful for servers trying to target a client's capabilities. Using this property, a server can determine the level of video to send to the client.

The server string is ML.

os Specifies the current operating system.Capabilities, Capabilities.os, os String Specifies the current operating system. The os property can return the following strings: Operating systemValueWindows 7"Windows 7"Windows Vista"Windows Vista"Windows Server 2008 R2"Windows Server 2008 R2"Windows Server 2008"Windows Server 2008"Windows Home Server"Windows Home Server"Windows Server 2003 R2"Windows Server 2003 R2"Windows Server 2003"Windows Server 2003"Windows XP 64"Windows Server XP 64"Windows XP"Windows XP"Windows 98"Windows 98"Windows 95"Windows 95"Windows NT"Windows NT"Windows 2000"Windows 2000"Windows ME"Windows ME"Windows CE"Windows CE"Windows SmartPhone"Windows SmartPhone"Windows PocketPC"Windows PocketPC"Windows CEPC"Windows CEPC"Windows Mobile"Windows Mobile"Mac OS"Mac OS X.Y.Z" (where X.Y.Z is the version number, for example: "Mac OS 10.5.2")Linux"Linux" (Flash Player attaches the Linux version, such as "Linux 2.6.15-1.2054_FC5smp"iPhone OS 4.1"iPhone3,1"

The server string is OS.

Do not use Capabilities.os to determine a capability based on the operating system if a more specific capability property exists. Basing a capability on the operating system is a bad idea, since it can lead to problems if an application does not consider all potential target operating systems. Instead, use the property corresponding to the capability for which you are testing. For more information, see the Capabilities class description.

pixelAspectRatio Specifies the pixel aspect ratio of the screen.Capabilities, Capabilities.pixelAspectRatio, pixelAspectRatio Number Specifies the pixel aspect ratio of the screen. The server string is AR. playerType Specifies the type of runtime environment.Capabilities, Capabilities.playerType, playerType String Specifies the type of runtime environment. This property can have one of the following values:

"ActiveX" for the Flash Player ActiveX control used by Microsoft Internet Explorer
"Desktop" for the Adobe AIR runtime (except for SWF content loaded by an HTML page, which has Capabilities.playerType set to "PlugIn")
"External" for the external Flash Player or in test mode
"PlugIn" for the Flash Player browser plug-in (and for SWF content loaded by an HTML page in an AIR application)
"StandAlone" for the stand-alone Flash Player

The server string is PT.

screenColor Specifies the screen color.Capabilities, Capabilities.screenColor, screenColor String Specifies the screen color. This property can have the value "color", "gray" (for grayscale), or "bw" (for black and white). The server string is COL. screenDPI Specifies the dots-per-inch (dpi) resolution of the screen, in pixels.Capabilities, Capabilities.screenDPI, screenDPI Number Specifies the dots-per-inch (dpi) resolution of the screen, in pixels. The server string is DP. screenResolutionX Specifies the maximum horizontal resolution of the screen.Capabilities, Capabilities.screenResolutionX, screenResolutionY Number Specifies the maximum horizontal resolution of the screen. The server string is R (which returns both the width and height of the screen). This property does not update with a user's screen resolution and instead only indicates the resolution at the time Flash Player or an Adobe AIR application started. Also, the value only specifies the primary screen. screenResolutionY Specifies the maximum vertical resolution of the screen.Capabilities, Capabilities.screenResolutionY, screenResolutionY Number Specifies the maximum vertical resolution of the screen. The server string is R (which returns both the width and height of the screen). This property does not update with a user's screen resolution and instead only indicates the resolution at the time Flash Player or an Adobe AIR application started. Also, the value only specifies the primary screen. The following example is a simple test that indicates the current screen resolution and operating system version. When testing this example, click the text field to see the property values: import flash.events.~; import flash.display.~; import flash.system.Capabilities; import flash.text.TextField; var screenInfoTxt:TextField = new TextField(); var screenInfoTxt.x = 30; var screenInfoTxt.y = 50; var screenInfoTxt.width = 300; var screenInfoTxt.height = 100; var screenInfoTxt.border = true; addChild(screenInfoTxt); addEventListener(MouseEvent.CLICK, getScreenNVersion); function getScreenNVersion(e:MouseEvent):void{ screenInfoTxt.text= "flash.system.Capabilities.screenResolutionX is : " + String(flash.system.Capabilities.screenResolutionX) + "\n" + "flash.system.Capabilities.screenResolutionY is : " + String(flash.system.Capabilities.screenResolutionY) + "\n" + "flash.system.Capabilities.version is : " + flash.system.Capabilities.version; } serverString A URL-encoded string that specifies values for each Capabilities property.Capabilities, Capabilities.serverString, serverString String A URL-encoded string that specifies values for each Capabilities property.

The following example shows a URL-encoded string:

A=t&SA=t&SV=t&EV=t&MP3=t&AE=t&VE=t&ACC=f&PR=t&SP=t&
	 SB=f&DEB=t&V=WIN%208%2C5%2C0%2C208&M=Adobe%20Windows&
	 R=1600x1200&DP=72&COL=color&AR=1.0&OS=Windows%20XP&
	 L=en&PT=External&AVD=f&LFD=f&WD=f

supports32BitProcesses Specifies whether the system supports running 32-bit processes.The following example traces the value of this read-only property:

	trace(Capabilities.supports32BitProcesses);

Boolean Specifies whether the system supports running 32-bit processes. The server string is PR32. supports64BitProcesses Specifies whether the system supports running 64-bit processes.The following example traces the value of this read-only property:

	trace(Capabilities.supports64BitProcesses);

Boolean Specifies whether the system supports running 64-bit processes. The server string is PR64. touchscreenType Specifies the type of touchscreen supported, if any.String Specifies the type of touchscreen supported, if any. Values are defined in the flash.system.TouchscreenType class. The following example is a simple test that indicates the current type of touch screen. When testing this example, click a text field to see the property values: import flash.events.~~; import flash.display.~~; import flash.system.Capabilities; import flash.text.TextField; var capabilitiesTouchScreenTypeTxt:TextField = new TextField(); capabilitiesTouchScreenTypeTxt.width = 300; capabilitiesTouchScreenTypeTxt.border = true; addChild(capabilitiesTouchScreenTypeTxt); addEventListener(MouseEvent.CLICK, getScreenKeyboardType); function getScreenKeyboardType(e:MouseEvent):void{ capabilitiesTouchScreenTypeTxt.text= "flash.system.Capabilities.touchscreenType is : " + flash.system.Capabilities.touchscreenType; } version Specifies the Flash Player or Adobe® AIR® platform and version information.Capabilities, Capabilities.version, version String Specifies the Flash Player or Adobe^® AIR^® platform and version information. The format of the version number is: platform majorVersion,minorVersion,buildNumber,internalBuildNumber. Possible values for platform are "WIN", ` "MAC", "LNX", and "AND". Here are some examples of version information:

	 WIN 9,0,0,0  // Flash Player 9 for Windows
	 MAC 7,0,25,0   // Flash Player 7 for Macintosh
	 LNX 9,0,115,0  // Flash Player 9 for Linux
	 AND 10,2,150,0 // Flash Player 10 for Android

Do not use Capabilities.version to determine a capability based on the operating system if a more specific capability property exists. Basing a capability on the operating system is a bad idea, since it can lead to problems if an application does not consider all potential target operating systems. Instead, use the property corresponding to the capability for which you are testing. For more information, see the Capabilities class description.

The server string is V.

The following example is a simple test that indicates the current screen resolution and operating system version. When testing this example, click the text field to see the property values: import flash.events.~; import flash.display.~; import flash.system.Capabilities; import flash.text.TextField; var screenInfoTxt:TextField = new TextField(); var screenInfoTxt.x = 30; var screenInfoTxt.y = 50; var screenInfoTxt.width = 300; var screenInfoTxt.height = 100; var screenInfoTxt.border = true; addChild(screenInfoTxt); addEventListener(MouseEvent.CLICK, getScreenNVersion); function getScreenNVersion(e:MouseEvent):void{ screenInfoTxt.text= "flash.system.Capabilities.screenResolutionX is : " + String(flash.system.Capabilities.screenResolutionX) + "\n" + "flash.system.Capabilities.screenResolutionY is : " + String(flash.system.Capabilities.screenResolutionY) + "\n" + "flash.system.Capabilities.version is : " + flash.system.Capabilities.version; } fscommand Lets the SWF file communicate with either Flash Player or the program hosting Flash Player, such as a web browser.

In the following example, the fscommand() function sets Flash Player to scale the SWF file to the full monitor screen size when the fullscreen_btn button or unfullscreen_btn is released:

this.fullscreen_btn.onRelease = function() {
   fscommand("fullscreen", true);
 };
 this.unfullscreen_btn.onRelease = function() {
   fscommand("fullscreen", false);
 };

The following example uses the fscommand() function applied to a button in Flash to open a JavaScript message box in an HTML page. The message itself is sent to JavaScript as the fscommand parameter.

You must add a function to the HTML page that contains the SWF file. This function, myDocument_DoFSCommand, sits in the HTML page and waits for an fscommand() function in Flash. When an fscommand is triggered in Flash (for example, when a user presses the button), the command and args strings are passed to the myDocument_DoFSCommand function. You can use the passed strings in your JavaScript or VBScript code in any way you like. In this example, the function contains a conditional if statement that checks to see if the command string is "messagebox". If it is, a JavaScript alert box (or "message box") opens and displays the contents of the args string.

function myDocument_DoFSCommand(command, args) {
   if (command == "messagebox") {
      alert(args);
   }

In the Flash document, add the fscommand() function to a button:

fscommand("messagebox", "This is a message box called from within Flash.")

You can also use expressions for the fscommand() function and parameters, as in the following example:

fscommand("messagebox", "Hello, " + name + ", welcome to our website!")

To test the SWF file, select File > Publish Preview > HTML.

Note: If you publish your SWF file using the Flash with FSCommand template in the HTML tab of the Publish Settings dialog box, the myDocument_DoFSCommand function is inserted automatically. The SWF file's NAME and ID attributes will be the filename. For example, for the file myDocument.fla, the attributes would be set to myDocument.

If the function is not called in response to a user action, such as a mouse event or keypress event. ErrorErrorcommandStringA string passed to the host application for any use, or a command passed to Flash Player. argsStringA string passed to the host application for any use, or a value passed to Flash Player. Lets the SWF file communicate with either Flash Player or the program hosting Flash Player, such as a web browser. You can also use the fscommand() function to pass messages to Director or to Visual Basic, Visual C++, and other programs that can host ActiveX controls.

The fscommand() function lets a SWF file communicate with a script in a web page. However, script access is controlled by the web page's allowScriptAccess setting. (You set this attribute in the HTML code that embeds the SWF file—for example, in the PARAM tag for Internet Explorer or the EMBED tag for Netscape.)

When allowScriptAccess is set to "sameDomain" (the default), scripting is allowed only from SWF files that are in the same domain as the web page.
When allowScriptAccess is set to "always", the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page.
When allowScriptAccess is set to "never", the SWF file cannot communicate with any HTML page. Note that using this value is deprecated and not recommended, and shouldn't be necessary if you don't serve untrusted SWF files from your own domain. If you do need to serve untrusted SWF files, Adobe recommends that you create a distinct subdomain and place all untrusted content there.

You can prevent a SWF file from using this method by setting the allowNetworking parameter of the the object and embed tags in the HTML page that contains the SWF content.

The fscommand() function is not allowed if the calling SWF file is in the local-with-file-system or local-with-network sandbox and the containing HTML page is in an untrusted sandbox.

For more information related to security, see the Flash Player Developer Center Topic: Security.

Usage 1: To use fscommand() to send a message to Flash Player, you must use predefined commands and parameters. The following table shows the values that you can specify for the fscommand() function's command and args parameters. These values control SWF files that are playing in Flash Player, including projectors. (A projector is a SWF file saved in a format that can run as a stand-alone application—that is, without Flash Player.)

CommandParameter (args)PurposequitNoneCloses the projector.fullscreentrue or falseSpecifying true sets Flash Player to full-screen mode. Specifying false returns the player to normal menu view.allowscaletrue or falseSpecifying false sets the player so that the SWF file is always drawn at its original size and never scaled. Specifying true forces the SWF file to scale to 100% of the player.showmenutrue or falseSpecifying true enables the full set of context menu items. Specifying false hides all of the context menu items except About Flash Player and Settings.execPath to application Executes an application from within the projector.trapallkeystrue or falseSpecifying true sends all key events, including accelerator keys, to the onClipEvent(keyDown/keyUp) handler in Flash Player.

Not all of the commands listed in the table are available in all applications:

None of the commands are available in web players.
All of the commands are available in stand-alone projector applications.
AIR applications should use the flash.desktop.NativeApplication class for similar functions, such as NativeApplication.nativeApplication.exit() instead of fscommand("quit").
Only allowscale and exec are available in test-movie players.

The exec command can contain only the characters A-Z, a-z, 0-9, period (.), and underscore (_). The exec command runs in the subdirectory fscommand only. In other words, if you use the exec command to call an application, the application must reside in a subdirectory named fscommand. The exec command works only from within a Flash projector file.

Usage 2: To use fscommand() to send a message to a scripting language such as JavaScript in a web browser, you can pass any two parameters in the command and args parameters. These parameters can be strings or expressions, and they are used in a JavaScript function that handles, or catches, the fscommand() function.

In a web browser, fscommand() calls the JavaScript function moviename_DoFScommand, which resides in the web page that contains the SWF file. For moviename, supply the name of the Flash object that you used for the NAME attribute of the EMBED tag or the ID property of the OBJECT tag. If you assign the SWF file the name "myMovie", the JavaScript function myMovie_DoFScommand is called.

In the web page that contains the SWF file, set the allowScriptAccess attribute to allow or deny the SWF file's ability to access the web page, as described above. (You set this attribute in the HTML code that embeds the SWF file—for example, in the PARAM tag for Internet Explorer or the EMBED tag for Netscape.)

In Flash Player 10 and later running in a browser, using this method programmatically to open a pop-up window may not be successful. Various browsers (and browser configurations) may block pop-up windows at any time; it is not possible to guarantee any pop-up window will appear. However, for the best chance of success, use this method to open a pop-up window only in code that executes as a direct result of a user action (for example, in an event handler for a mouse click or key-press event.)

Usage 3: The fscommand() function can send messages to Director (Macromedia Director from Adobe). These messages are interpreted by Lingo (the Director scripting language) as strings, events, or executable Lingo code. If a message is a string or an event, you must write the Lingo code to receive the message from the fscommand() function and carry out an action in Director. For more information, see the Director Support Center at www.adobe.com/support/director/.

Usage 4: In VisualBasic, Visual C++, and other programs that can host ActiveX controls, fscommand() sends a VB event with two strings that can be handled in the environment's programming language. For more information, use the keywords "Flash method" to search the Flash Support Center at www.adobe.com/support/flash/.

Note: The ExternalInterface class provides better functionality for communication between JavaScript and ActionScript (Usage 2) and between ActionScript and VisualBasic, Visual C++, or other programs that can host ActiveX controls (Usage 4). You should continue to use fscommand() for sending messages to Flash Player (Usage 1) and Director (Usage 3).

The following example shows how fscommand() can be used to direct Flash Player to go into full screen mode and not allow scaling. An orange box is then added to the stage using draw(). In draw(), a click event listener is added named clickHandler(), which responds to click events by directing Flash Player to exit using another call to fscommand().

Note: this example should be executed in the standalone Flash Player and not within a web browser.

package { import flash.display.Sprite; import flash.text.TextField; import flash.system.fscommand; import flash.events.MouseEvent; public class FSCommandExample extends Sprite { private var bgColor:uint = 0xFFCC00; private var size:uint = 100; public function FSCommandExample() { fscommand("fullscreen", "true"); fscommand("allowscale", "false"); draw(); } private function clickHandler(event:MouseEvent):void { fscommand("quit"); trace("clickHandler"); } private function draw():void { var child:Sprite = new Sprite(); child.graphics.beginFill(bgColor); child.graphics.drawRect(0, 0, size, size); child.graphics.endFill(); child.buttonMode = true; addEventListener(MouseEvent.CLICK, clickHandler); var label:TextField = new TextField(); label.text = "quit"; label.selectable = false; label.mouseEnabled = false; child.addChild(label); addChild(child); } } } IME The IME class lets you directly manipulate the operating system's input method editor (IME) in the Flash runtime application that is running on a client computer.Lets you directly manipulate the operating system's input method editor (IME). flash.events:EventDispatcher The IME class lets you directly manipulate the operating system's input method editor (IME) in the Flash runtime application that is running on a client computer. You can determine whether an IME is installed, whether or not the IME is currently enabled, and which IME is enabled. You can disable or enable the IME in the application, and you can perform other limited functions, depending on the operating system.

AIR profile support: This feature is supported on desktop operating systems, but it is not supported on all mobile devices. It is also not supported on AIR for TV devices. You can test for support at run time using the IME.isSupported property. See AIR Profile Support for more information regarding API support across multiple profiles.

IMEs let users type non-ASCII text characters in multibyte languages such as Chinese, Japanese, and Korean. For more information on working with IMEs, see the documentation for the operating system for which you are developing applications. For additional resources, see the following websites:

http://www.microsoft.com/globaldev/default.mspx
http://developer.apple.com/documentation/
http://java.sun.com

If an IME is not active on the user's computer, calls to IME methods or properties, other than Capabilities.hasIME, will fail. Once you manually activate an IME, subsequent ActionScript calls to IME methods and properties will work as expected. For example, if you are using a Japanese IME, it must be activated before any IME method or property is called.

The following table shows the platform coverage of this class:

CapabilityWindowsMac OSXLinuxDetermine whether the IME is installed: Capabilities.hasIMEYesYesYesSet IME on or off: IME.enabledYesYesYesFind out whether IME is on or off: IME.enabledYesYesYesGet or set IME conversion mode: IME.conversionModeYesYes ~~~~NoSend IME the string to be converted: IME.setCompositionString()Yes ~~NoNoGet from IME the original string before conversion: System.ime.addEventListener()Yes ~~NoNoSend request to convert to IME: IME.doConversion()Yes ~~NoNo

~~ Not all Windows IMEs support all of these operations. The only IME that supports them all is the Japanese IME.

~~~~ On the Macintosh, only the Japanese IME supports these methods, and third-party IMEs do not support them.

The ActionScript 3.0 version of this class does not support Macintosh Classic.

imeComposition Dispatched when a user has completed an input method editor (IME) composition and the reading string is available.flash.events.IMEEvent.IME_COMPOSITIONflash.events.IMEEvent Dispatched when a user has completed an input method editor (IME) composition and the reading string is available. IMEs are generally used to enter text from languages that have ideographs instead of letters, such as Japanese, Chinese and Korean. compositionAbandoned Causes the runtime to abandon any composition that is in progress. Causes the runtime to abandon any composition that is in progress. Call this method when the user clicks outside of the composition area or when the interactive object that has focus is being destroyed or reset. The runtime confirms the composition by calling confirmComposition() in the client. The runtime also resets the IME to inform the operating system that the composition has been abandoned. compositionSelectionChanged Call this method when the selection within the composition has been updated, either interactively or programmatically.startintSpecifies the offset in bytes of the start of the selection. endintSpecifies the offset in bytes of the end of the selection. Call this method when the selection within the composition has been updated, either interactively or programmatically. doConversion Instructs the IME to select the first candidate for the current composition string.The call was not successful. ErrorError Instructs the IME to select the first candidate for the current composition string. setCompositionString Sets the IME composition string.Need some examples of valid values for the param composition. The call is not successful. ErrorErrorcompositionStringThe string to send to the IME. Sets the IME composition string. When this string is set, the user can select IME candidates before committing the result to the text field that currently has focus.

If no text field has focus, this method fails and throws an error.

conversionMode The conversion mode of the current IME.StringA set attempt was not successful. ErrorError The conversion mode of the current IME. Possible values are IME mode string constants that indicate the conversion mode:

ALPHANUMERIC_FULL
ALPHANUMERIC_HALF
CHINESE
JAPANESE_HIRAGANA
JAPANESE_KATAKANA_FULL
JAPANESE_KATAKANA_HALF
KOREAN
UNKNOWN (read-only value; this value cannot be set)

enabled Indicates whether the system IME is enabled (true) or disabled (false).BooleanA set attempt was not successful. ErrorError Indicates whether the system IME is enabled (true) or disabled (false). An enabled IME performs multibyte input; a disabled IME performs alphanumeric input. isSupported The isSupported property is set to true if the IME class is available on the current platform, otherwise it is set to false.Boolean The isSupported property is set to true if the IME class is available on the current platform, otherwise it is set to false. System The System class contains properties related to local settings and operations.System, System object, built-in class Object The System class contains properties related to local settings and operations. Among these are settings for camers and microphones, operations with shared objects and the use of the Clipboard.

Additional properties and methods are in other classes within the flash.system package: the Capabilities class, the IME class, and the Security class.

This class contains only static methods and properties. You cannot create new instances of the System class.

The following example shows how to copy information about your system's total memory to the system Clipboard using a call to System.totalMemory within a call to the System.setClipboard() method. package { import flash.display.Sprite; import flash.system.System; public class SystemExample extends Sprite { public function SystemExample() { System.setClipboard("System.totalMemory: " + System.totalMemory); } } } disposeXML Makes the specified XML object immediately available for garbage collection.nodeXMLXML reference that should be made available for garbage collection. Makes the specified XML object immediately available for garbage collection. This method will remove parent and child connections between all the nodes for the specified XML node. exit Closes Flash Player.System, System.exit(), exit() codeuintA value to pass to the operating system. Typically, if the process exits normally, the value is 0. Closes Flash Player.

For the standalone Flash Player debugger version only.

AIR applications should call the NativeApplication.exit() method to exit the application.

gc Forces the garbage collection process. Forces the garbage collection process.

For the Flash Player debugger version and AIR applications only. In an AIR application, the System.gc() method is only enabled in content running in the AIR Debug Launcher (ADL) or, in an installed applcation, in content in the application security sandbox.

pause Pauses Flash Player or the AIR Debug Launcher (ADL).System, System.pause(), pause() Pauses Flash Player or the AIR Debug Launcher (ADL). After calling this method, nothing in the application continues except the delivery of Socket events.

For the Flash Player debugger version or the AIR Debug Launcher (ADL) only.

resume Resumes the application after calling System.pause().System, System.resume(), resume() Resumes the application after calling System.pause().

For the Flash Player debugger version or the AIR Debug Launcher (ADL) only.

setClipboard Replaces the contents of the Clipboard with a specified text string.System.setClipboard, setClipboard stringStringA plain-text string of characters to put on the system Clipboard, replacing its current contents (if any). Replaces the contents of the Clipboard with a specified text string. Replaces the contents of the Clipboard with a specified text string. This method works from any security context when called as a result of a user event (such as a keyboard or input device event handler).

This method is provided for SWF content running in Flash Player 9. It allows only adding String content to the Clipboard.

Flash Player 10 content and content in the application security sandbox in an AIR application can call the Clipboard.setData() method.

freeMemory The amount of memory (in bytes) that is allocated to Adobe® Flash® Player or Adobe® AIR® and that is not in use.Number The amount of memory (in bytes) that is allocated to Adobe^® Flash^® Player or Adobe^® AIR^® and that is not in use. This unused portion of allocated memory (System.totalMemory) fluctuates as garbage collection takes place. Use this property to monitor garbage collection. ime The currently installed system IME.flash.system:IME The currently installed system IME. To register for imeComposition events, call addEventListener() on this instance. privateMemory The entire amount of memory (in bytes) used by an application.Number The entire amount of memory (in bytes) used by an application. This is the amount of resident private memory for the entire process.

AIR developers should use this property to determine the entire memory consumption of an application.

For Flash Player, this includes the memory used by the container application, such as the web browser.

totalMemoryNumber The amount of memory (in bytes) currently in use that has been directly allocated by Flash Player or AIR.Number The amount of memory (in bytes) currently in use that has been directly allocated by Flash Player or AIR.

This property is expressed as a Number, which allows higher values than the System.totalMemory property, which is of type int.

This property does not return all memory used by an Adobe AIR application or by the application (such as a browser) containing Flash Player content. The browser or operating system may consume other memory. The System.privateMemory property reflects all memory used by an application.

totalMemory The amount of memory (in bytes) currently in use that has been directly allocated by Flash Player or AIR.uint The amount of memory (in bytes) currently in use that has been directly allocated by Flash Player or AIR.

If the amount of memory allocated is greater than the maximum value for a uint object (uint.MAX_VALUE, or 4,294,967,295), then this property is set to 0. The System.totalMemoryNumber property allows larger values.

useCodePage A Boolean value that determines which code page to use to interpret external text files.System.useCodepage, useCodepage, Unicode, code page Boolean A Boolean value that determines which code page to use to interpret external text files. When the property is set to false, external text files are interpretted as Unicode. (These files must be encoded as Unicode when you save them.) When the property is set to true, external text files are interpretted using the traditional code page of the operating system running the application. The default value of useCodePage is false.

Text that you load as an external file (using Loader.load(), the URLLoader class or URLStream) must have been saved as Unicode in order for the application to recognize it as Unicode. To encode external files as Unicode, save the files in an application that supports Unicode, such as Notepad on Windows.

If you load external text files that are not Unicode-encoded, set useCodePage to true. Add the following as the first line of code of the file that is loading the data (for Flash Professional, add it to the first frame):

System.useCodePage = true;

When this code is present, the application interprets external text using the traditional code page of the operating system. For example, this is generally CP1252 for an English Windows operating system and Shift-JIS for a Japanese operating system.

If you set useCodePage to true, Flash Player 6 and later treat text as Flash Player 5 does. (Flash Player 5 treated all text as if it were in the traditional code page of the operating system running the player.)

If you set useCodePage to true, remember that the traditional code page of the operating system running the application must include the characters used in your external text file in order to display your text. For example, if you load an external text file that contains Chinese characters, those characters cannot display on a system that uses the CP1252 code page because that code page does not include Chinese characters.

To ensure that users on all platforms can view external text files used in your application, you should encode all external text files as Unicode and leave useCodePage set to false. This way, the application (Flash Player 6 and later, or AIR) interprets the text as Unicode.

SecurityDomain The SecurityDomain class represents the current security "sandbox," also known as a security domain.Object The SecurityDomain class represents the current security "sandbox," also known as a security domain. By passing an instance of this class to Loader.load(), you can request that loaded media be placed in a particular sandbox. currentDomain Gets the current security domain.flash.system:SecurityDomain Gets the current security domain. SystemUpdater The SystemUpdater class allows you to update modules of the Flash Player, such as the DRM module for Flash Access, as well as the Flash Player itself.flash.events:EventDispatcher The SystemUpdater class allows you to update modules of the Flash Player, such as the DRM module for Flash Access, as well as the Flash Player itself. Available modules are listed in the SystemUpdaterType class.

Flash Player identifies the need for a Flash-Access-module update by dispatching a NetStatusEvent event. The event has a code property with a value of "DRM.UpdateNeeded". For updates to the Flash Access module, user consent is not required. Listen for the event and initiate the update by calling update("DRM").

Flash Player identifies the need for a player update by dispatching a StatusEvent event, with several possible code property values (see the status event). For updates to the player, user consent is required. Listen for the event and present the user with the option to update. The user must agree to the actual update and initiate the update by, for example, clicking a button in the user interface. You can then initiate the player update directly in ActionScript by calling update("SYSTEM").

Note: The SystemUpdater API is supported on all desktop platforms.

cancel Dispatched when an update of the player itself is cancelled by the user.flash.events.Event.CANCELflash.events.Event Dispatched when an update of the player itself is cancelled by the user. This event is dispatched only when an update of type SystemUpdaterType.SYSTEM is requested and the user cancels the update. complete Dispatched when the update completes.flash.events.Event.COMPLETEflash.events.Event Dispatched when the update completes. securityError Dispatched upon encountering a security error.flash.events.SecurityErrorEvent.SECURITY_ERRORflash.events.SecurityErrorEvent Dispatched upon encountering a security error. For example, a security error that can cause this event is if the player tries to perform an update when an update is not permitted by security policy. ioError Dispatched when an I/O error occurs.flash.events.IOErrorEvent.IO_ERRORflash.events.IOErrorEvent Dispatched when an I/O error occurs. For example, one error that can cause this event is a loss of Internet connectivity. progress Dispatched to indicate download progress.flash.events.ProgressEvent.PROGRESSflash.events.ProgressEvent Dispatched to indicate download progress. This event is like the progress event in the Loader and URLLoader classes. status Dispatched when the update fails.flash.events.StatusEvent.STATUSflash.events.StatusEvent Dispatched when the update fails. An update can fail for one of the following reasons:

The caller is running on an unsupported platform or architecture. In this case, the value of the code property is "DRM.UpdateFailedNotSupported" and the value of the level property is "error".
The requested update package cannot be located on the server. In this case, the value of the code property is "DRM.UpdateFailedNotCurrentlyAvailable" and the value of the level property is "error".
The Flash Access module is not installed. This error is similar to the "DRM.UpdateNeeded" code, which is dispatched by NetStatusEvent. However, in this case, a more recent version of Flash Player must be downloaded first. In this case, the value of the code property is "DRM.UpdateNeededButIncompatible" and the value of the level property is "error". To perform an update of Flash Player, call SystemUpdater.update(SystemUpdaterType.SYSTEM).
The new DRM module could not be downloaded. In this case, the value of the code property is "DRM.UpdateFailed" and the value of the level property is "error".

open Dispatched when an update begins.flash.events.Event.OPENflash.events.Event Dispatched when an update begins. The update is complete when a 'complete' event is sent, or when an IOErrorEvent, SecurityErrorEvent, or StatusEvent is sent. SystemUpdater Constructor. Constructor. cancel Cancels an active update. Cancels an active update. update Begins an update of a given type.typeString Begins an update of a given type. Update types are one of the string constants defined in the SystemUpdaterType class. Only one update is allowed at a time across all browsers.

After the update begins, listen for the events defined in this class. The following events events indicate the end of an update and allow a new update or update attempt to proceed, as does calling the update() function:

complete
cancel
securityError
ioError
status