Made to Order Software Corporation Logo


Tag Info
Tag Number: 
Tag Type: 
Tag Flash Version: 
Unknown SWF Tag: 
This tag is defined by the Flash documentation by Adobe
Brief Description: 

Since version 8, this tag is required and needs to be the very first tag in the movie. It is used as a way to better handle security within the Flash Player.

Tag Structure: 
struct swf_fileattributes {
	swf_tag			f_tag;		/* 69 */
	unsigned		f_reserved : 3;
	unsigned		f_has_metadata : 1;
	unsigned		f_allow_abc : 1;	/* since V9.0 */
	unsigned		f_suppress_cross_domain_caching : 1;	/* since V9.0 */
	unsigned		f_swf_relative_urls : 1;	/* since V9.0 */
	unsigned		f_use_network : 1;
	unsigned		f_reserved : 24;

The FileAttributes tag is new to version 8. It must be present in all movies version 8 and over. It must be the very first tag in the SWF movie. It should be unique (other instances will be ignored.)

The f_has_metadata flag shall be set to 1 whenever the movie includes a Metadata tag.

The f_allow_abc flag shall be set to 1 to give the player the right to execute DoABC scripts (this is a version 9 flag, in version 8, keep it set to 0.)

The f_suppress_cross_domain_caching must have some effect over the caching of some things... (version 9+)

The f_swf_relative_urls means that URLs specified in the movie are relative to the URL where the movie was loaded from. (version 9+)

The f_use_network flag needs to be set to 1 in order for the movie to be given the right to access the network. By default, a local movie will be allowed to load other local movies but nothing from the network.


I'm not registered as a security expert. However, this tag does not solve any security issues. It is a mimic just like the Protect, ProtectDebug and ProtectDebug2 tags. If you are playing a flash animation from a hacker, the fact is that it can include anything it wants and hack your system if the player has a flaw. Only a player without any flaws will be safe.


FileAttributes tag not required

Based on my experiments, FileAttributes tag is not required for any version of SWF; in fact, its contents appear to be ignored (e.g. disabling f_allow_abc doesn't change the behavior of Flash files containing DoABC tags). I reached this conclusion by creating different copies of a Flash file, where I removed the tag, changed the tag's contents, etc., and saw that these Flash files play exactly the same as the original.

This could be because the SWF version byte (at offset +3 in the file) apparently doesn't work the way one would expect: you would think that a Flash Player wouldn't attempt to load a Flash file with a bigger version than the Player knows how to support, but any large number there is accepted. Instead, the only effect of SWF version appears to be that newer tags aren't accepted when the version number is before the first version that supported that tag. For example, Flash files containing DefineBinaryData stop working if I set the SWF version byte to some number < 9.

This behavior is of course bizarre, and fairly useless as version control goes.

Post new comment

The content of this field is kept private and will not be shown publicly.
This question is for testing whether you are a human visitor and to prevent automated spam submissions.