SWF Loader & Flex's SWFLoader: child SWF sandboxing policy

REF: http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/display/Loader.html

With regards to a parent SWF loading a child SWF via the Loader class, is it possible to prevent the loaded child SWF from:

• Making any network calls, or
• Making calls to specific domains

Basically, I'm looking 开发者_JS百科for a programmatic version of allowNetworking: http://livedocs.adobe.com/flash/9.0/main/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00001079.html

Aditionally,

1. Are there any Flash Player version and Actionscript version discrepancies?
2. Are there any discrepancies if using Flex's SWFLoader is used instead?

Many thanks,

Geoff

The plain answer is "no, you can't". This is because you cannot hide or replace the built-in functions of the player. In theory, you could prevent many such calls by examining DoABC blocks of the SWF and finding calls to URLLoader or navigateToURL and similar. Of course it's impossible to find each one of them as those may be called through reflection. Besides, you'd have to write a decompiler to do that.

1. ActionScript has a very short history of versions, it was only 1.0, 2.0 and 3.0. Flash Player doesn't execute ActionScript. It executes bytecode (ABC - A ctionScript b yte c ode). Apart from ongoing maintainance, there were few changes to ABC format. Most significant are reflected in ABC format specs. So, for example, in Flash Player 10 a group of opcodes aka "Alchemy opcodes" was added, they, however, are not available to the programmers writing in AS3. I'm using this http://www.anotherbigidea.com/javaswf/avm2/AVM2Instructions.html for a quick reference, but it is a bit dated.

2. SWFLoader is a class you want to use when dealing with Flex framework. It is essentially the Loader class, extended to deal with the issues the framework introduced on top of built-ins.