Forums → Programming Forum → Code injection?

Hmm, I dont understand exactly what you mean.. but when you type square.x = 20 the movieclip square should go to X: 20 on your flash file, this means the square wont move. If you load/debug the .swf the square will just stand on X: 20 position and wont do anything.

Sorry for double posting but if you want that your MC will move you should do something like:

var leftKeyIsDown:Boolean = false;
var speed:Number = 5;

yourinstancenameofMC.addEventListener(Event.ENTER_FRAME, movement);
public function movement(event:Event):void
{
if(leftKeyIsDown)
{
yourinstancenameofMC.x -= speed;
}
}

stage.addEventListener(Event:KeyboardEvent.KEY_DOWN, ifKeyIsDown);
public function ifKeyIsDown(event:KeyboardEvent):void
{
if(event.keyCode == 37 || event.keyCode == 65)
{
leftKeyIsDown = true;
}
}

stage.addEventListener(Event:KeyboardEvent.KEY_UP, ifKeyIsUp);
public function ifKeyIsUp(event:KeyboardEvent):void
{
if(event.keyCode == 37 || event.keyCode == 65)
{
leftKeyIsDown = false;
}
}

This script is only for the leftKey, I hope this helped and I hope that this is where you were looking for. Have fun!

Not without building an actionscript compiler inside actionscript (I'm pretty sure it's impossible to do). You can just have the squares X coordinate equal to 'Input' and have input be the number the user puts in.

A long time ago I heard about someone who was working on this... I have no idea how it progressed though, and while I'm sure some functions are pretty easy to reproduce, others are (nearly) impossible.

I assume that you mean you want to convert the text from the box into actions, and have those actions run?

From the way you phrased your question, though, it sounds like you think typing code into the box will automatically cause that text to be run as code.

The second is incorrect, and the first is a poor idea. I thought about it myself, until I realized that if someone with real experience coding were to use it, they could manipulate the code to cheat.

Even though the user would not be able to run malicious code, (they would only be hurting their own machine anyway), it would simply be too easy for the user to cheat, and far too difficult for you to prevent it.

I did, however, for a project called Encode, create a system with a mock programming language to give the user the feeling of programming.

Yeah things like that tend to be a big security risk because a lot of time someone will find a way to run malicious code from them. That's the reason most programmers avoid eval or similar commands when dealing with user input.

For instance I tend to use the htmlspecialchars() function when dealing with form data in PHP. Keeps people from injecting nasty bits of code with their entries.

But back to the question at hand. Simple text boxes (including dynamic ones) do not interpret code. The eval() function existed in previous versions of ActionScript but its use was extremely limited. AS3 did away with the function all together.

If you are committed to a runtime there are two projects that have been working on an eval for AS3.
- As3Eval
- The D.eval API

Best of luck.

I don't think that flash alone can run malicious code, although I may be wrong. Adding PHP into the mix, particularly when running MySQL, does pose a risk, however.

Thanks for the time.

I asked for educational purposes; I just wanted to see if it was possible.