Hi all,
I would like to allow .swf files from external domains to communicate with a base/Main.swf movie. At the same time those .swf files should have NO access to my Main.swf movie objects/movieclips and server docs/scripts. I want to realize this by loading a shim file (Shim.swf) into the Main.swf (both at myDomain.com) and then by loading the external, unknown domain .swf (Anyones.swf) into Shim’s container.
The situation is described in the attached diagram.
So far I am getting good results - no direct access to Main.swf objects from Anyones.swf and full access to Shim.swf methods that return basic types taken from Main.swf objects: numbers, strings, boolean. Shim.swf methods cannot return complex types (objects, arrays etc.) to the external domain Anyones.swf. Anyway the returning values are “undefined”.
I would like to know your opinion on how safe is allowing (*-wildcard in Shim.swf) potentially any domain of .swf files that load into my Shim. Is there any risk of breaking into Main.swf or directly to myDomain.com server files ?
The situation is a bit different of those described in Adobe allowDomain related docs since it engages three movies instead of a couple.
Tia,
Greg
