Hi, I have been banging my head against the wall for hours with the same problem and, finally, i found a post that stated that ExternalInterface.call and addCallBack do not work if either the html wrapper or the html wrapper are in a local disk.
It seems to be due to the fact that using javascript you could reach an internet location from the SWF application and that is a "violation". I totally agree with FineLine's plea: why is not there any way to let the user to decide what is "security" for him/her? Finally, dear FineLine, I decided to hook my application (HTML and SWF) on a webserver and, in this way, there is no complaints from ExternalInterface. P.S.- Adbul, if you are able to find any workaround... Let us know PLEASE. --- In [email protected], "FineLine" <[EMAIL PROTECTED]> wrote: > > Hi Abdul > > > > Below is the source code for a simple demonstration of this problem. The > commented lines in the btn1_click method were an attempt at an alternative > technique, which also produced Flash security error. > > > > The external call works fine if the files are kept in the directory where I > originally compiled the Flex application, but when I move the compiled SWF > file and the HTML file to the root directory of my C: volume, I get the > error mentioned in the quoted post below. > > > > > > > > ---------------- MXML application: > > > > <?xml version="1.0" encoding="utf-8"?> > > <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; layout="absolute" > width="100%" height="100%"> > > > > <mx:Script> > > <![CDATA[ > > import flash.external.ExternalInterface; > > private function btn1_click ():void { > > > ExternalInterface.call("test", "called from the Flash component") > > // var u:URLRequest = new > URLRequest ("javascript:test('called with navigateToUrl')"); > > // navigateToURL (u,'_self') > > } > > ]]> > > </mx:Script> > > > > <mx:Button id="btn1" label="Button" click="btn1_click ()" x="20" > y="20"/> > > > > </mx:Application> > > > > > > --------------- HTML container page: > > > > <!-- saved from url=(0014)about:internet --> > > <html lang="en"> > > <head> > > <meta http-equiv="Content-Type" content="text/html; charset=utf- 8" /> > > <title>ExternalTest</title> > > <script src="AC_OETags.js" language="javascript"></script> > > <style> > > body { margin: 0px; overflow:hidden } > > </style> > > </head> > > > > <body scroll='no'> > > > > <script language="JavaScript"> > > function test (message) {alert ("Message reported to HTML page: " + > message);} > > </script> > > > > <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" > > id="ExternalTest" width="100%" height="100%" > > > codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swfl ash.ca > b"> > > <param name="movie" value="ExternalTest.swf" /> > > <param name="quality" value="high" /> > > <param name="bgcolor" value="#869ca7" /> > > <param name="allowScriptAccess" value="always" /> > > <embed src="ExternalTest.swf" quality="high" bgcolor="#869ca7" > > width="100%" height="100%" name="ExternalTest" > align="middle" > > play="true" > > loop="false" > > quality="high" > > allowScriptAccess="always" > > type="application/x-shockwave-flash" > > pluginspage="http://www.macromedia.com/go/getflashplayer";> > > </embed> > > </object> > > </body> > > </html> > > > > > > _____ > > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of Abdul Qabiz > Sent: Saturday, 10 June 2006 11:47 PM > To: [email protected] > Subject: Re: [flexcoders] One last try: Javascript security > > > > Hey, > > Can you please post a simple but complete code (Flex + Javascript), I would > like to look at it. Sorry, I am being bit lazy doing all that.. > > -abdul > > On 6/10/06, FineLine <[EMAIL PROTECTED]> wrote: > > Hi Matt, I have just tested this -use-network=false option with the command > line compiler, still get the same security error in Flash player when I try > the call out to JavaScript: > > > > SecurityError: Error #2060: Security sandbox violation: ExternalInterface > caller file://C|\ExternalTest.swf may not access file://C:\ExternalTest.htm. > > at flash.external::ExternalInterface$/call() > > at ExternalTest/::btn1_click() > > at ExternalTest/__btn1_click() > > > > Thanks for the suggestion, I will be interested in seeing your sample app if > possible, that might clear something up for me. > > > > Cheers, Tim > > > > _____ > > From: [email protected] [mailto: > <mailto:[email protected]> [EMAIL PROTECTED] On Behalf > Of Matt Chotin > Sent: Thursday, 8 June 2006 3:59 PM > To: [email protected] > Subject: RE: [flexcoders] One last try: Javascript security > > > > Did you compile with -use-network=false? I have a sample app that will be > coming out where the HTML can communicate into the SWF. And I know that the > ExternalInterface was at least able to register the callbacks out. I didn't > try making calls from the SWF out. > > > > Also have you tried putting <!-- saved from url=(0014) about:internet --> at > the top of your HTML file? I seem to remember that being necessary to allow > local scripting. > > > > Matt > > > > _____ > > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of FineLine > Sent: Wednesday, June 07, 2006 5:22 PM > To: FlexCoders List > Subject: [flexcoders] One last try: Javascript security > > > > Hi. I would like to raise this point one last time, before the Adobe > engineers lock in this aspect of framework behaviour in the final release. > > > > Is it really necessary to restrict the security of the Flash Player / Flex > Application model to such an extent that a flex application (SWF) located > *on a users local hard disk* cannot make calls to JavaScript functions in > its container page, also located on the same hard disk? (I have described in > the thread "Javascript security" my various attempts to disprove this, to no > avail). > > > > I understand why it should be impossible for Internet based applications to > operate within a strict sandbox, which prevents them from accessing local > resources. But surely, functions scripted within the application's container > page should also be considered to exist within the same sandbox? And if not, > how does it make sense that *Internet* based apps can call external > JavaScript, whilst local ones can't? > > > > Flex is a fantastic, emerging cross-platform framework technology. Imagine > how useful it would be to be able to use visual Flex components within > local-machine applications developed using other technologies, such as .NET, > Java, Delphi etc. Whilst Flex provides excellent user interface development > capabilities, it is not a tool for the kind of business application > development that these other environments excel in. It doesn't have the same > data modelling tools, low-level system APIs, encryption libraries, etc. etc. > > > > If you could use Flex to develop custom components, which you could then > embed within a host application using a browser component, then you would > have the best of both worlds. Those who develop Flex components would have a > wider reach for their products. Many of you will have heard of Mono, the > cross-platform .NET implementation. The one area where Mono lags most behind > Microsoft's own implementation is in GUI development. Imagine developing a > cross platform app in .NET, using all its data access and business process > modelling power, with a Flex front end. Flex reads and writes .NET datasets > very easily (just convert them to XML, and you've got the power of E4X to do > all your manipulation within the UI layer). > > > > Maybe this can be put in the category of "Flex was never meant to do that", > but really, all it would take is being able to use the ExternalInterface API > to accept commands, report events and exchange data with the host > application via scripted functions in the container page. Ideally, the page > shouldn't even have to exist on disk - it could be dynamically created and > fed to the browser component by the host application - but that's getting a > bit esoteric. The main thing is being able to establish communications > between Flex and its HTML page - an interface which already exists in its > entirety, but which is locked down in such a way that it is not useable in > this scenario, as it currently stands. > > > > Again, if anyone can prove me wrong on this, I'd love to hear how. > > > > Rant over, have a nice day. Cheers, Tim. > ------------------------ Yahoo! Groups Sponsor --------------------~--> Everything you need is one click away. Make Yahoo! your home page now. http://us.click.yahoo.com/AHchtC/4FxNAA/yQLSAA/nhFolB/TM --------------------------------------------------------------------~-> -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
