Accessing loaded media as data

The draw() method of a BitmapData object lets you draw the currently displayed pixels of any display object to the BitmapData object. This could include the pixels of a MovieClip object, a Bitmap object, or any display object. The following conditions must be met for the draw() method to draw pixels to the BitmapData object:

• In the case of a source object other than a loaded bitmap, the source object and (in the case of a Sprite or MovieClip object) all of its child objects must come from the same domain as the object calling the draw() method, or they must be in a SWF file that is accessible to the caller by having called the Security.allowDomain() method.

• In the case of a Loaded bitmap source object, the source object must come from the same domain as the object calling the draw() method, or its source server must include a URL policy file that grants permission to the calling domain.

If these conditions are not met, a SecurityError exception is thrown.

When you load the image using the load() method of the Loader class, you can specify a context parameter, which is a LoaderContext object. If you set the checkPolicyFile property of the LoaderContext object to true , Flash Player checks for a URL policy file on the server from which the image is loaded. If there is a policy file, and the file permits the domain of the loading SWF file, the file is allowed to access data in the Bitmap object; otherwise, access is denied.

The following sound-related ActionScript 3.0 APIs have security restrictions:

• The SoundMixer.computeSpectrum() method—Always permitted for code running in the same security sandbox as the sound file. For code running in other sandboxes, there are security checks.

• The SoundMixer.stopAll() method—Always permitted for code running in the same security sandbox as the sound file. For files in other sandboxes, there are security checks.

• The id3 property of the Sound class—Always permitted for SWF files that are in the same security sandbox as the sound file. For code running in other sandboxes, there are security checks.

Every sound has two kinds of sandboxes associated with it—a content sandbox and an owner sandbox:

• The origin domain for the sound determines the content sandbox, and this determines whether data can be extracted from the sound via the id3 property of the sound and the SoundMixer.computeSpectrum() method.

• The object that started the sound playing determines the owner sandbox, and this determines whether the sound can be stopped using the SoundMixer.stopAll() method.

When you load the sound using the load() method of the Sound class, you can specify a context parameter, which is a SoundLoaderContext object. If you set the checkPolicyFile property of the SoundLoaderContext object to true , the runtime checks for a URL policy file on the server from which the sound is loaded. If there is a policy file, and the file permits the domain of the loading code, the code is allowed to access the id property of the Sound object; otherwise, it will not. Also, setting the checkPolicyFile property can enable the SoundMixer.computeSpectrum() method for loaded sounds.

You can use the SoundMixer.areSoundsInaccessible() method to find out whether a call to the SoundMixer.stopAll() method would not stop all sounds because the sandbox of one or more sound owners is inaccessible to the caller.

Calling the SoundMixer.stopAll() method stops those sounds whose owner sandbox is the same as that of the caller of stopAll() . It also stops those sounds whose playback was started by SWF files that have called the Security.allowDomain() method to permit access by the domain of the SWF file calling the stopAll() method. Any other sounds are not stopped, and the presence of such sounds can be revealed by calling the SoundMixer.areSoundsInaccessible() method.

Calling the computeSpectrum() method requires that every sound that is playing be either from the same sandbox as the object calling the method or from a source that has granted permission to the caller's sandbox; otherwise, a SecurityError exception is thrown. For sounds that were loaded from embedded sounds in a library in a SWF file, permission is granted with a call to the Security.allowDomain() method in the loaded SWF file. For sounds loaded from sources other than SWF files (originating from loaded mp3 files or from video files), a URL policy file on the source server grants access to data in loaded media.

For more information, see Author (developer) controls and Website controls (policy files) .

To access sound data from RTMP streams, you must allow access on the server. Use the Server-Side ActionScript Client.audioSampleAccess property to allow access to specific directories on Flash Media Server. For more information, see the Server-Side ActionScript Language Reference .

You can use the BitmapData.draw() method to capture the pixel data of the current frame of a video.

There are two different kinds of video:

• Video streamed over RTMP from Flash Media Server

• Progressive video, which is loaded from an FLV or F4V file

To use the BitmapData.draw() method to extract run-time graphics from RTMP streams, you must allow access on the server. Use the Server-Side ActionScript Client.videoSampleAccess property to allow access to specific directories on Flash Media Server. For more information, see the Server-Side ActionScript Language Reference .

When you call the BitmapData.draw() method with progressive video as the source parameter, the caller of BitmapData.draw() must either be from the same sandbox as the FLV file, or the server of the FLV file must have a policy file that grants permission to the domain of the calling SWF file. You can request that the policy file be downloaded by setting the checkPolicyFile property of the NetStream object to true .