Macromedia flash media server 2-developing media applications ユーザーズマニュアル
Protecting scripts from third-party code
99
The following secure.asc example shows how to wrap a built-in global function—in this case
load()
. After secure.asc is executed, calls to
load()
are directed through the user-defined
system call, as follows:
var sysobj = {};
sysobj._load = load; // Hide the load function.
load = null; // Make it unavailable unpriviliged code.
sysobj._load = load; // Hide the load function.
load = null; // Make it unavailable unpriviliged code.
/*The following function lets you inspect the file being accessed and, if
necessary, modify or validate it. You must write the code to validate or
modify fname, it isn’t currently in the function.
modify fname, it isn’t currently in the function.
*/
sysobj.load = function(fname){
sysobj.load = function(fname){
// User-defined code to validate or modify fname...
return this._load(fname);
return this._load(fname);
}
// Grab the global object.
var global = getGlobal();
// Grab the global object.
var global = getGlobal();
/* Now protect our sysobj and make it available as 'system' globally. Also,
set its attributes so that it is read-only and not deletable.
*/
global["system"] = protectObject(sysobj);
global["system"] = protectObject(sysobj);
setAttributes(global, "system", false, true, true);
// Now add a global load() function for compatibility.
// Make it read-only and non-deletable.
// Make it read-only and non-deletable.
global["load"] = function(path){
return system.load(path);
}
setAttributes(global, "load", false, true, true);
setAttributes(global, "load", false, true, true);
Asynchronous system calls
An asynchronous call returns immediately but its action does not immediately complete.
When the action completes, the success or failure status returns through a callback on a
responder object. An asynchronous system call is an asynchronous call that is protected and
routed through a system object.
When the action completes, the success or failure status returns through a callback on a
responder object. An asynchronous system call is an asynchronous call that is protected and
routed through a system object.
When using a user-provided responder object, you must store the responder for use at an
appropriate time so that it is not exposed. The following examples show how to handle the
asynchronous notification by storing the user-provided responder and dispatching to it when
necessary.
appropriate time so that it is not exposed. The following examples show how to handle the
asynchronous notification by storing the user-provided responder and dispatching to it when
necessary.