New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
htmlText, img tag not working #1242
Comments
Interesting .. it's not working for me either with ADL Version 32.0.0.116... thanks |
I created a quick test project in AdobeAnimate and targeted SDK 32 to see if it works or not... and it did! package {
import flash.display.Sprite;
import flash.text.TextField;
public class Main extends Sprite {
public function Main() {
var textField:TextField = new TextField();
textField.border = true;
textField.htmlText = "test <img src='https://www.myflashlabs.com/wp-content/uploads/2015/11/myflashlab_logo.png' />!!"
addChild(textField);
}
}
} nothing fancy. Just a simple quick sample like this. |
@myflashlab
Many years ago I tried it and it works only for Flash Player output, not for AIR. @ajwfrost, what "security issues" could be there? And could |
@itlancer Ah, that explains it. thanks for pointing out to that sentence. Anyhow, I was able to load images inline using Considering that this is not a bug, I'll close this ticket but I agree that it would be really nice if there's a possibility to support this feature with the TextField class. |
Thanks @itlancer - I hadn't realised that! but with that hint, we found the code that's preventing this, and yes it's exactly as you say. There are some comments alongside this saying that the dangers are with loading of symbol linkages and of SWFs so it might be that we could allow some raw png/gif/jpg files to be included inline with the text. Can I check, would you be wanting to pull in images from online, or from the local application assets? as the way things are structured, it's probably very straightforward to enable this if the img src attribute is a local file from within the application, and we could still block any out-of-control/web-based download of an image? Or would you want e.g. specific/known images, I can see a possibility where an application could want to pull images from their own webservers - but there's always a danger if you start to reference files that are outside of your own application's control as they may disappear (or be hacked)... |
@ajwfrost It would be nice if it works at least from the local assets. |
@ajwfrost
In all cases sometimes files (and their URL/paths) predefined, sometimes dynamic generated. But we understand that some images could contains "anything" in "content" matter. If you thing that could be dangerous in some cases then please clarify such cases. And may be something like And should new Feature Request need to be opened for that or current issue should be reopened? |
Isn't a single quote Anyways, seeing that
looks fine - so just pointing out to reduce possible confusion on improper syntax |
@ajwfrost could we introduce a domain whitelist similar to Security.allowDomain for allowing img tags? we load information / instruction HTML articles from our CDN (trusted) eg. https://sandbox.habbo.com/gamedata/habbopages/21oct01 and prior to AIR embedded images (also hosted on our CDN) worked without problems. |
@ajwfrost ping |
Hi Thanks for the ping :-) So yes, looking back at this one, it sounds like a domain approval list would be a good idea, as then the developer is in control of what domains would be allowed and it would still block anything a user had entered if that didn't match the approval list.. So we could introduce a list of protocol + domain combinations that are allowed, e.g. And then hopefully it would (just?) work to include an img tag into a text field..?! will have to check on that part too..... thanks |
That would be perfect, thanks! |
fwiw Security.allowDomain currently throws an exception when used in AIR [1], I guess a new config would need to be introduced? [1]
|
is there a solution as a result? how can I use an image in a text field in AIR |
Hi - sorry, no solution as yet, we need to add a new API in for this. The It may be best (from a security perspective) to have this on a per-text-field setting, so we could add something like We did check, and if we ignore the security restriction in code, then the images do load.. although the layout doesn't look quite right to me, maybe that's just the images and text field height settings that I'm trying.. Will get this API update into the AIR 51 codebase.. |
Suggested setting sounds great, thanks Andrew! |
domain security aside, is there anything currently stopping us from using library linkage symbols in a textfield with the |
There is a comment in the code explicitly forbidding this too. The creation of a symbol could lead to other code execution - I guess that's all internal anyway (assuming the symbol was from your swf not a loaded one) but this is equally restricted in AIR at the moment. So I guess we need a way to have an "allowed domain" to be the current SWF as well.... e.g. "app:/Main.swf" (being, |
@ajwfrost any updates on adding |
For me it works fine using latest AIR 51 and https://airsdk.dev/reference/actionscript/3.0/flash/text/TextField.html#allowedDomains |
It's weird but it seems like the
<img src='img.png/>
is not working on any of the33.**
SDKs. The same project shows the inline image with SDK 32 but not anything higher.The text was updated successfully, but these errors were encountered: