I would like to know your opinion on such feature request:
Make stage property of DisplayObject deprecated and remove it in the future versions of ActionScript.
May sound controversial, but, please read further.
In majority of cases, when one SWF fails to unload from another SWF the problem is within stage being accessible to the loaded SWF. Often times loaded SWF would make a hard reference to it, which would then mean staying forever in player’s memory.
This concern has been expressed long ago by Grant Skinner, but there was no effective solution to the problem. The unloadAndStop() added in FP10 doesn’t solve this problem, it is in fact not much different from stop() + unload(). However, the problem remains… You cannot safely load external content into your SWF. All the sandboxes and application domain system is worth nothing since once you get the reference to the stage you can do almost everything in loading SWF.
We only need a reference to the stage in FP9 / FP10 when trying to imitate onReleaseOutside AS2 handler. I.e. one common-case scenario, where stage is indispensable is when you need to add handler to mouseUp event.
Now, to sandboxing. There should be some mechanism built into player to let the player decide which sandbox is allowed to get the reference to the stage, and which is not. So that for example loaded SWF couldn’t set stage.align to what it wants unless the first SWF loaded into player explicitly permits it to the certain domain.
Otherwise what happens is like this: You have an application that loads flash banners, and your application sets stage’s align to top-left, then, some rookie banner sets it to the middle… The controls in your application go hirewire… and you simply cannot prevent it from happening…
Solution: setting stage properties fails if the sandboxed content is not allowed to access stage. Stage does not exist as a property by default, it is passed as an argument to the entry point of your application. This is done prior to initialization of the rest of your code, so, if the argument is null, you would know you are sandboxed and not allowed to call stage’s methods and properties.
Another possible solution is to have Stage.available property and / or Stage.stage properties. Same way, if the Stage.stage is null or Stage.available is false you cannot change align / displayMode / displayState etc…
Mouse events: Make Mouse an EventDispatcher, overload addEventListener() in a way it always adds a weak reference, no matter what.
GetObjectsUnderPoint() method should return only objects within the sandbox your SWF has permissions to access. Likewise Stage.focus would return null if focus is out of reach in terms of sandbox.
This won’t solve all the loading issues as there are still timers and local connections to deal with, but will greatly improve the security overall IMO.
I’m yet to think over the content of the FR, so, haven’t posted it yet, and, would be happy to know your opinion on this matter!
