If you’re thinking of hosting your SWFs on a content delivery network to improve the performance of your Flash application, or attempting to load a third-party SWF hosted on another domain into your application, be aware that loading and scripting SWFs from another domain posts a whole set of security issues, namely that of Cross-Domain Scripting. Due to the Flash Player 9’s security sandbox, when you load a SWF from another domain into a SWF hosted on your domain, by default, you will not be able to operate on the child SWF without it specifically granting permission.

Before proceeding with this tutorial, I highly recommend that you to read the Adobe Flash Player 9 Security White Paper. This 51-page document, although thorough in many aspects, unfortunately left out crucial details that one would need in order to successfully perform cross-domain scripting. Another indispensable reference would be Colin Moock’s Essential ActionScript 3.0, in particular, Chapter 19 on Flash Player Security Restrictions and Chapter 28 on Loading External Display Assets.

Let’s get started! (more…)