Two security sandboxes sample

Has access to AIR APIs:
Use of eval() and other string-to-code techniques are limited. — the following throws an exception:

Read more about these restrictions: http://www.adobe.com/go/airhtmlsecurityfaq.
Can only load JavaScript files from the application resource directory.
XMLHttpRequest object can reach into remote domains — the following loads http://www.adobe.com:
Can expose functions to the non-application sandbox using the sandbox bridge (the parentSandboxBridge property of the iframe window object).
Can call functions from the non-application sandbox exposed via the sandbox bridge (the childSandboxBridge property of the iframe window object):
Read more about developing AIR Applications with HTML and Ajax: http://www.adobe.com/go/learn_air_html.