0

I'm trying to execute a function like window.alert for example, from actionscript, when both the html file and the swf file are using the file: protocol.

Does anyone know of someway to do this?

without changing global flash security settings

Improve this question

3 Answers 3

Reset to default
2

It looks like it's not possible after reading Controlling access to scripts in a host web page.

For SWF files running locally, calls to these APIs are successful only if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-with-networking or local-with-filesystem sandbox.

Then this page on local sandboxes basically says that won't work unless the swf is in a "local-trusted sandbox" which a user or installer would need to put it in.

This blog post about the "local-with-filesystem sandbox" says:

First, I think the documentation here is a bit too generous. SWFs loaded from the local file system do face some restrictions. The most relevant restrictions are probably:

  1. The SWF cannot make a call to JavaScript (or vbscript), either through URL or ExternalInterface
  2. The SWF cannot call a HTTP or HTTPS request.
  3. Querystring parameters (ex. Blah.php?querystring=qs-value) are stripped and will not be passed (even for requests to local files)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

There is a document "Controlling access to scripts in a host web page" that describes the various ways and restrictions on allowing Flash content to interact with Javascript.

According to the doc, as long as your embed tag contains AllowScriptAccess set to "always" you should be fine regardless of where the page is loaded from.

Improve this answer

1 Comment

ah it says the domain will not matter if allowScriptAccess="always", but before that it says "For SWF files running locally, calls to these APIs are successful only if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-with-networking or local-with-filesystem sandbox." so I don't think it's possible.
0

You need to update the Flash Player settings so that your file path is listed as a "trusted location." You will then be able to use External Interface and other JS communication methods.

Also, you can't pass default JS functions from AS using External Interface (like alert). You need to write custom functions...

ActionScript:

import flash.external.ExternalInterface;
ExternalInterface.call("alertFromFlash", 'hello');

JavaScript:

function alertFromFlash(str) {
   alert(str);
}

Alternatively, if you're distributing this to a customer. It can be difficult to explain how to change Flash Player settings, so you can instead run a server from a CD, which bypassing the need for security settings. I've had good luck with the Flying Ant server in the past.

Improve this answer

3 Comments

sorry I've made my question more clear, I don't want users to have to alter their global flash settings.
Then running a local server, as I've described above, is the only way to go.
P.S. Or distribute as an HTML/JS AIR app with Flash embedded, but that has to be installed by the user.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.