52 | Chapter 3: Working with JavaScript and HTML Within AIR
Security Context
Content installed within the application runs under the secu-
rity context of the application. This means that it has access
to all of the Adobe AIR APIs and functionality.
Remote content loaded into the application is run under a
web security content, and as such does not have access to the
Adobe AIR APIs and functionality, or to the expanded privi-
leges to which application content has access.
For example, content loaded into the application via:
app-resource:/foo.htmlhas full access to the AIR APIs. However, content loaded
using HTTP, like so:
http://www.yourdomain.com/foo.htmlruns in a web security context, and does not have access to
AIR APIs.
Content in the application install directory falls under the
application security context. Content in the application stor-
age directory (app-storage:/) falls under the web security
context (Table 3-3).
Table 3-3. Application and web security contexts
URL data loaded from Has access to AIR APIs?
app-resource:/foo.html Yes
app-storage:/foo.html No
http://www.anydomain.com/foo.html No
https://www.anydomain.com/foo.html No
file:/C:/foo.html No
ftp://www.anydomain.com/foo.html No