Hi Abdul, thanks for your reply. I am busy
today, but will prepare a sample which produces the error. I hope to have it
ready tomorrow (Australian time). BTW, I have set allowScriptAccess to “always”
and have observed this in Firefox and Internet Explorer. From: Ok, just confimed it works on my system also. On 6/10/06, Abdul
Qabiz <[EMAIL PROTECTED]>
wrote: Hey,
On 6/10/06, FineLine
<[EMAIL PROTECTED]>
wrote: Hi Matt, I have just
tested this –use-network=false option with the command line compiler, still get
the same security error in Flash player when I try the call out to _javascript_: SecurityError: Error
#2060: Security sandbox violation: ExternalInterface caller
file://C|\ExternalTest.swf may not access file://C:\ExternalTest.htm.
at flash.external::ExternalInterface$/call()
at ExternalTest/::btn1_click()
at ExternalTest/__btn1_click() Thanks for the
suggestion, I will be interested in seeing your sample app if possible, that
might clear something up for me. Cheers, Tim From: flexcoders@yahoogroups.com
[mailto:
flexcoders@yahoogroups.com] On Behalf Of Matt
Chotin Did you compile with
–use-network=false? I have a sample app that will be coming out where the
HTML can communicate into the SWF. And I know that the ExternalInterface
was at least able to register the callbacks out. I didn't try making
calls from the SWF out. Also have you tried
putting <!-- saved from url="" --> at the top of your
HTML file? I seem to remember that being necessary to allow local
scripting. Matt From: flexcoders@yahoogroups.com
[mailto:flexcoders@yahoogroups.com]
On Behalf Of FineLine Hi. I would like to raise this point
one last time, before the Adobe engineers lock in this aspect of framework
behaviour in the final release. Is it really necessary to restrict
the security of the Flash Player / Flex Application model to such an extent
that a flex application (SWF) located *on a
users local hard disk* cannot make calls to _javascript_ functions in
its container page, also located on the same hard disk? (I have described in
the thread "_javascript_ security" my various attempts to disprove
this, to no avail). I understand why it should be
impossible for Internet based applications to operate within a strict sandbox,
which prevents them from accessing local resources. But surely, functions
scripted within the application's container page should also be considered to
exist within the same sandbox? And if not, how does it make sense that *Internet* based apps can call external
_javascript_, whilst local ones can't? Flex is a fantastic, emerging
cross-platform framework technology. Imagine how useful it would be to be able
to use visual Flex components within local-machine applications developed using
other technologies, such as .NET, Java, Delphi etc. Whilst Flex provides
excellent user interface development capabilities, it is not a tool for the
kind of business application development that these other environments excel
in. It doesn't have the same data modelling tools, low-level system APIs,
encryption libraries, etc. etc. If you could use Flex to develop
custom components, which you could then embed within a host application using a
browser component, then you would have the best of both worlds. Those who
develop Flex components would have a wider reach for their products. Many of
you will have heard of Mono, the cross-platform .NET implementation. The one
area where Mono lags most behind Microsoft's own implementation is in GUI
development. Imagine developing a cross platform app in .NET, using all its
data access and business process modelling power, with a Flex front end. Flex
reads and writes .NET datasets very easily (just convert them to XML, and
you've got the power of E4X to do all your manipulation within the UI layer). Maybe this can be put in the
category of "Flex was never meant to do that", but really, all it
would take is being able to use the ExternalInterface API to accept commands,
report events and exchange data with the host application via scripted functions
in the container page. Ideally, the page shouldn't even have to exist on disk –
it could be dynamically created and fed to the browser component by the host
application – but that's getting a bit esoteric. The main thing is being able
to establish communications between Flex and its HTML page – an interface which
already exists in its entirety, but which is locked down in such a way that it
is not useable in this scenario, as it currently stands. Again, if anyone can prove me wrong
on this, I'd love to hear how. Rant over, have a nice day. Cheers,
Tim.
-- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
SPONSORED LINKS
YAHOO! GROUPS LINKS
|