HTML DEVELOPER’S GUIDE FOR ADOBE AIR
Last updated 9/28/2011
Note: AIR applications cannot modify content using the app: URL scheme. Also, the application directory may be
read-only because of administrator settings.
Unless there are administrator restrictions to the user's computer, AIR applications are privileged to write to any
location on the user's hard drive. Developers are advised to use the
path for local storage related to
their application. Files written to
from an application are put in a standard location:
• On Mac OS: the storage directory of an application is
the user's preferences folder. This is typically
• On Windows: the storage directory of an application is
the user's CSIDL_APPDATA Special Folder. This is typically
• On Linux:
If an application is designed to interact with existing files in the user's file system, be sure to read “Best security
practices for developers” on page 82.
Working securely with untrusted content
Adobe AIR 1.0 and later
Content not assigned to the application sandbox can provide additional scripting functionality to your application, but
only if it meets the security criteria of the runtime. This topic explains the AIR security contract with non-application
Scripting between application and non-application content
Adobe AIR 1.0 and later
AIR applications that script between application and non-application content have more complex security
arrangements. Files that are not in the application sandbox are only allowed to access the properties and methods of
files in the application sandbox through the use of a sandbox bridge. A sandbox bridge acts as a gateway between
application content and non-application content, providing explicit interaction between the two files. When used
correctly, sandbox bridges provide an extra layer of security, restricting non-application content from accessing object
references that are part of application content.
The benefit of sandbox bridges is best illustrated through an example. Suppose an AIR music store application wants to
provide an API to advertisers who want to create their own SWF files, with which the store application can then
communicate. The store wants to provide advertisers with methods to look up artists and CDs from the store, but also
wants to isolate some methods and properties from the third-party SWF file for security reasons.
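The following is an added example, not code from the Adobe guide, sketching the music store's bridge in plain JavaScript: only the two lookup methods cross the boundary, and they return frozen copies of whitelisted fields rather than references to application objects. The names `store`, `pick`, `cleanQuery`, `createStoreBridge`, `lookupArtist` and `lookupCD`, the sample data, and the frame id `ad` are assumptions made for illustration.

```javascript
// Constructed sample data standing in for the store's internal state.
const store = {
  artists: [{ id: 1, name: "Example Artist", royaltyRate: 0.12 }],
  cds: [{ id: 10, artistId: 1, title: "Example Album", price: 9.99, wholesaleCost: 4.1 }],
  // Privileged method that must never be reachable from advertiser content.
  setPrice(id, price) { this.cds.find(c => c.id === id).price = price; },
};

// Hypothetical helper: copy only whitelisted fields into a new frozen object,
// so no reference to an application-side object crosses the bridge.
function pick(record, fields) {
  if (!record) return null;
  const out = {};
  for (const f of fields) out[f] = record[f];
  return Object.freeze(out);
}

// Hypothetical helper: accept only short strings from the untrusted side.
function cleanQuery(q) {
  if (typeof q !== "string" || q.length === 0 || q.length > 100) {
    throw new TypeError("query must be a string of 1 to 100 characters");
  }
  return q.toLowerCase();
}

// Build the object that is exposed to non-application content.
function createStoreBridge(s) {
  return Object.freeze({
    lookupArtist(name) {
      const q = cleanQuery(name);
      return pick(s.artists.find(a => a.name.toLowerCase() === q), ["id", "name"]);
    },
    lookupCD(title) {
      const q = cleanQuery(title);
      return pick(s.cds.find(c => c.title.toLowerCase() === q), ["id", "title", "price"]);
    },
  });
}

const bridge = createStoreBridge(store);
// In an AIR HTML application the bridge is attached to the child frame, e.g.
// document.getElementById("ad").contentWindow.parentSandboxBridge = bridge;
```

Content loaded in the child frame would then call `window.parentSandboxBridge.lookupCD(...)` and see nothing else of the application.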
An alias to the application directory. Files accessed from this path are assigned the application sandbox and have
the full privileges granted by the runtime.
An alias to the local storage directory, standardized by the runtime. Files accessed from this path are assigned a
An alias that represents the root of the user's hard disk. A file accessed from this path is assigned an application
sandbox if the file exists in the application directory, and a non-application sandbox otherwise.