HTML DEVELOPER’S GUIDE FOR ADOBE AIR
Last updated 9/28/2011
property is a File object (a type of object defined by the runtime). A File object is a
reference to a file or directory on the user’s computer. The
property is a reference to the
user’s desktop directory. The
method is defined for any File object and returns an array of
File objects. The
method returns an array of File objects
representing files and directories on the user’s desktop.
Each File object has a name property, which is the filename as a string. The
loop in the
method iterates through the files and directories on the user’s desktop directory and appends their names to the
property of a
object in the application.
Important security rules when using HTML in AIR applications
Adobe AIR 1.0 and later
The files you install with the AIR application have access to the AIR APIs. For security reasons, content from other
sources do not. For example, this restriction prevents content from a remote domain (such as http://example.com)
from reading the contents the user’s desktop directory (or worse).
Because there are security loopholes that can be exploited through calling the
function (and related APIs),
content installed with the application, by default, is restricted from using these methods. However, some Ajax
frameworks use the calling the
function and related APIs.
To properly structure content to work in an AIR application, you must take the rules for the security restrictions on
content from different sources into account. Content from different sources is placed in separate security
classifications, called sandboxes (see Security sandboxes). By default, content installed with the application is installed
in a sandbox known as the application sandbox, and this grants it access to the AIR APIs. The application sandbox is
generally the most secure sandbox, with restrictions designed to prevent the execution of untrusted code.
The runtime allows you to load content installed with your application into a sandbox other than the application
sandbox. Content in non-application sandboxes operates in a security environment similar to that of a typical web
browser. For example, code in non-application sandboxes can use
and related methods (but at the same time
is not allowed to access the AIR APIs). The runtime includes ways to have content in different sandboxes communicate
securely (without exposing AIR APIs to non-application content, for example). For details, see “Cross-scripting
content in different security sandboxes” on page 34.
errors” on page 22.
For more information, see “HTML security in Adobe AIR” on page 73.
Adobe AIR 1.0 and later
If you call code that is restricted from use in a sandbox due to these security restrictions, the runtime dispatches a
avoid this error, follow these coding practices.