I have definitely had them work with the local disk.  

I have <!-- saved from url=(0014)about:internet --> at the top of my HTML file.

I am then also using the AC_FL_RunContent script that we use from AC_OETags.js 
(ships with the html-template and Flex Builder).

<script>
// Embed the SWF through the AC_OETags.js helper; arguments are name/value pairs.
AC_FL_RunContent(
                    "src", "catalog",
                    "width", "700",
                    "height", "528",
                    "align", "middle",
                    "id", "flexApp",
                    "quality", "high",
                    "bgcolor", "#ffffff",
                    "name", "catalog",
                    "allowScriptAccess","always",
                    "type", "application/x-shockwave-flash",
                    "pluginspage", "http://www.adobe.com/go/getflashplayer"
    );
</script>

Note that allowScriptAccess is "always"

See how that goes?

Matt

________________________________________
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of drome.dario
Sent: Tuesday, June 13, 2006 1:48 PM
To: [email protected]
Subject: [flexcoders] Re: One last try: Javascript security

Hi,

I have been banging my head against the wall for hours with the same 
problem and, finally, I found a post that stated that 
ExternalInterface.call and addCallback do not work if either the html 
wrapper or the html wrapper are in a local disk.

It seems to be due to the fact that using javascript you could reach 
an internet location from the SWF application and that is 
a "violation".

I totally agree with FineLine's plea: why isn't there any way to let 
the user decide what is "security" for him/her?

Finally, dear FineLine, I decided to hook my application (HTML and 
SWF) on a webserver and, in this way, there are no complaints from 
ExternalInterface.

P.S.- Abdul, if you are able to find any workaround... Let us know 
PLEASE.

--- In [email protected], "FineLine" <[EMAIL PROTECTED]> wrote:
>
> Hi Abdul
> 
> 
> 
> Below is the source code for a simple demonstration of this problem. The
> commented lines in the btn1_click method were an attempt at an alternative
> technique, which also produced Flash security error.
>
> The external call works fine if the files are kept in the directory where I
> originally compiled the Flex application, but when I move the compiled SWF
> file and the HTML file to the root directory of my C: volume, I get the
> error mentioned in the quoted post below.
>
> ---------------- MXML application:
>
> <?xml version="1.0" encoding="utf-8"?>
> <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute"
>     width="100%" height="100%">
>
>     <mx:Script>
>         <![CDATA[
>             import flash.external.ExternalInterface;
>
>             private function btn1_click():void {
>                 ExternalInterface.call("test", "called from the Flash component");
>                 // var u:URLRequest = new URLRequest("javascript:test('called with navigateToUrl')");
>                 // navigateToURL(u, '_self');
>             }
>         ]]>
>     </mx:Script>
>
>     <mx:Button id="btn1" label="Button" click="btn1_click()" x="20" y="20"/>
>
> </mx:Application>
> 
> 
> 
> 
> 
> --------------- HTML container page:
>
> <!-- saved from url=(0014)about:internet -->
> <html lang="en">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>ExternalTest</title>
> <script src="AC_OETags.js" language="javascript"></script>
> <style>
> body { margin: 0px; overflow:hidden }
> </style>
> </head>
>
> <body scroll='no'>
>
> <script language="JavaScript">
> function test (message) {alert ("Message reported to HTML page: " + message);}
> </script>
>
> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
>     id="ExternalTest" width="100%" height="100%"
>     codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
> <param name="movie" value="ExternalTest.swf" />
> <param name="quality" value="high" />
> <param name="bgcolor" value="#869ca7" />
> <param name="allowScriptAccess" value="always" />
> <embed src="ExternalTest.swf" quality="high" bgcolor="#869ca7"
>     width="100%" height="100%" name="ExternalTest" align="middle"
>     play="true"
>     loop="false"
>     allowScriptAccess="always"
>     type="application/x-shockwave-flash"
>     pluginspage="http://www.macromedia.com/go/getflashplayer">
> </embed>
> </object>
> </body>
> </html>
> 
> 
> 
> 
> 
> _____ 
> 
> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Abdul Qabiz
> Sent: Saturday, 10 June 2006 11:47 PM
> To: [email protected]
> Subject: Re: [flexcoders] One last try: Javascript security
> 
> 
> 
> Hey,
> 
> Can you please post a simple but complete code (Flex + Javascript), I would
> like to look at it. Sorry, I am being bit lazy doing all that..
> 
> -abdul
> 
> On 6/10/06, FineLine <[EMAIL PROTECTED]> wrote:
> 
> Hi Matt, I have just tested this -use-network=false option with the command
> line compiler, still get the same security error in Flash player when I try
> the call out to JavaScript:
>
> SecurityError: Error #2060: Security sandbox violation: ExternalInterface
> caller file://C|\ExternalTest.swf may not access file://C:\ExternalTest.htm.
> at flash.external::ExternalInterface$/call()
> at ExternalTest/::btn1_click()
> at ExternalTest/__btn1_click()
> 
> 
> 
> Thanks for the suggestion, I will be interested in seeing your sample app if
> possible, that might clear something up for me.
> 
> 
> 
> Cheers, Tim
> 
> 
> 
> _____ 
> 
> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Chotin
> Sent: Thursday, 8 June 2006 3:59 PM
> To: [email protected]
> Subject: RE: [flexcoders] One last try: Javascript security
> 
> 
> 
> Did you compile with -use-network=false? I have a sample app that will be
> coming out where the HTML can communicate into the SWF. And I know that the
> ExternalInterface was at least able to register the callbacks out. I didn't
> try making calls from the SWF out.
>
> Also have you tried putting <!-- saved from url=(0014)about:internet --> at
> the top of your HTML file? I seem to remember that being necessary to allow
> local scripting.
> 
> 
> 
> Matt
> 
> 
> 
> _____ 
> 
> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of FineLine
> Sent: Wednesday, June 07, 2006 5:22 PM
> To: FlexCoders List
> Subject: [flexcoders] One last try: Javascript security
> 
> 
> 
> Hi. I would like to raise this point one last time, before the Adobe
> engineers lock in this aspect of framework behaviour in the final release.
> 
> 
> 
> Is it really necessary to restrict the security of the Flash Player / Flex
> Application model to such an extent that a flex application (SWF) located
> *on a user's local hard disk* cannot make calls to JavaScript functions in
> its container page, also located on the same hard disk? (I have described in
> the thread "Javascript security" my various attempts to disprove this, to no
> avail).
> 
> 
> 
> I understand why it should be impossible for Internet based applications to
> operate within a strict sandbox, which prevents them from accessing local
> resources. But surely, functions scripted within the application's container
> page should also be considered to exist within the same sandbox? And if not,
> how does it make sense that *Internet* based apps can call external
> JavaScript, whilst local ones can't?
> 
> 
> 
> Flex is a fantastic, emerging cross-platform framework technology. Imagine
> how useful it would be to be able to use visual Flex components within
> local-machine applications developed using other technologies, such as .NET,
> Java, Delphi etc. Whilst Flex provides excellent user interface development
> capabilities, it is not a tool for the kind of business application
> development that these other environments excel in. It doesn't have the same
> data modelling tools, low-level system APIs, encryption libraries, etc. etc.
> 
> 
> 
> If you could use Flex to develop custom components, which you could then
> embed within a host application using a browser component, then you would
> have the best of both worlds. Those who develop Flex components would have a
> wider reach for their products. Many of you will have heard of Mono, the
> cross-platform .NET implementation. The one area where Mono lags most behind
> Microsoft's own implementation is in GUI development. Imagine developing a
> cross platform app in .NET, using all its data access and business process
> modelling power, with a Flex front end. Flex reads and writes .NET datasets
> very easily (just convert them to XML, and you've got the power of E4X to do
> all your manipulation within the UI layer).
> 
> 
> 
> Maybe this can be put in the category of "Flex was never meant to do that",
> but really, all it would take is being able to use the ExternalInterface API
> to accept commands, report events and exchange data with the host
> application via scripted functions in the container page. Ideally, the page
> shouldn't even have to exist on disk - it could be dynamically created and
> fed to the browser component by the host application - but that's getting a
> bit esoteric. The main thing is being able to establish communications
> between Flex and its HTML page - an interface which already exists in its
> entirety, but which is locked down in such a way that it is not useable in
> this scenario, as it currently stands.
> 
> 
> 
> Again, if anyone can prove me wrong on this, I'd love to hear how.
> 
> 
> 
> Rant over, have a nice day. Cheers, Tim.
>
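
Added example, not part of the thread and not code from any of its authors: a Node.js check that a Flash wrapper page carries a well-formed Mark of the Web comment (the four-digit number in "(0014)" is the character length of the URL that follows it) and reports which allowScriptAccess values the page sets, in the <param>, <embed> and AC_FL_RunContent forms shown above. The function names, finding labels and sample wrappers are constructed for illustration.

```javascript
// Added example: audit a Flash HTML wrapper for the two settings the thread discusses.
const MOTW_RE = /<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->/i;
// allowScriptAccess as <param>, as an <embed> attribute, and as an AC_FL_RunContent pair.
const ASA_RES = [
  /<param\s+name=["']allowScriptAccess["']\s+value=["']([^"']*)["']/gi,
  /\ballowScriptAccess\s*=\s*["']([^"']*)["']/gi,
  /["']allowScriptAccess["']\s*,\s*["']([^"']*)["']/gi,
];

// Parse the Mark of the Web comment; the declared length must equal the URL length.
function parseMotw(html) {
  const m = MOTW_RE.exec(html);
  if (!m) return null;
  const declared = parseInt(m[1], 10);
  return { url: m[2], declared, valid: declared === m[2].length };
}

// Return the parsed MOTW, every allowScriptAccess value found, and review findings.
function auditWrapper(html) {
  const findings = [];
  const motw = parseMotw(html);
  if (!motw) findings.push("no-motw");
  else if (!motw.valid) findings.push("motw-length-mismatch");
  const values = [];
  for (const re of ASA_RES) {
    for (const m of html.matchAll(re)) values.push(m[1].toLowerCase());
  }
  // With no explicit value the player applies its default (sameDomain).
  if (values.length === 0) findings.push("allowScriptAccess-default");
  // "always" lets a SWF loaded from any origin call JavaScript in this page.
  if (values.includes("always")) findings.push("allowScriptAccess-always");
  return { motw, values, findings };
}

// Constructed sample modelled on the wrapper quoted in the thread.
const SAMPLE_THREAD_STYLE = [
  "<!-- saved from url=(0014)about:internet -->",
  "<html><body>",
  '<object id="ExternalTest">',
  '<param name="allowScriptAccess" value="always" />',
  '<embed src="ExternalTest.swf" allowScriptAccess="always"></embed>',
  "</object></body></html>",
].join("\n");
// Constructed sample: the URL is 16 characters long but the comment declares 14.
const SAMPLE_BAD_MOTW = "<!-- saved from url=(0014)http://localhost -->\n<html></html>";

console.log(auditWrapper(SAMPLE_THREAD_STYLE).findings);
console.log(auditWrapper(SAMPLE_BAD_MOTW).findings);
```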
 

