ADOBE® FLEX® 3: PROGRAMMING ACTIONSCRIPT™ 3.0

ADOBE FLEX 3

Developer Guide

558

If you published a version 6 SWF file and created persistent shared objects from it, to retrieve those persistent shared

objects from a SWF that uses ActionScript 3.0, you must set

Security.exactSettings to false before calling

SharedObject.getLocal().

Setting LocalConnection permissions

The LocalConnection class lets you develop SWF files that can send instructions to each other. LocalConnection

objects can communicate only among SWF files that are running on the same client computer, but they can be

running in different applications—for example, a SWF file running in a browser and a SWF file running in a

projector.

For every LocalConnection communication, there is a sender SWF file and a listener SWF file. By default, Flash

Player allows LocalConnection communication between SWF files in the same domain. For SWF files in different

sandboxes, the listener must allow the sender permission by using the

LocalConnection.allowDomain() method.

The string you pass as an argument to the

LocalConnection.allowDomain() method can contain any of the

following: exact domain names, IP addresses, and the

* wildcard.

Note: The

allowDomain() method has changed from the form it had in ActionScript 1.0 and 2.0. In those earlier

versions,

allowDomain() was a callback method that you implemented. In ActionScript 3.0, allowDomain() is a

built-in method of the LocalConnection class that you call. With this change,

allowDomain() works in much the same

way as

Security.allowDomain().

A SWF file can use the

domain property of the LocalConnection class to determine its domain.

Controlling access to scripts in a host web page

Outbound scripting is achieved through use of the following ActionScript 3.0 APIs:

• The flash.system.fscommand() function

• The flash.net.navigateToURL() function (when specifying a scripting statement, such as

navigateToURL("javascript: alert('Hello from Flash Player.')")

• The flash.net.navigateToURL() function (when the window parameter is set to "_top", "_self", or

"_parent")

• The ExternalInterface.call() method

For SWF files running locally, calls to these methods are successful only if the SWF file and the containing web page

(if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-

with-networking or local-with-filesystem sandbox.

The

AllowScriptAccess parameter in the HTML code that loads a SWF file controls the ability to perform

outbound scripting from within a SWF file.

Set this parameter in the HTML code for the web page that hosts a SWF file. You set the parameter in the

PARAM or

EMBED tag.

The

AllowScriptAccess parameter can have one of three possible values: "always", "sameDomain", or "never":

• When AllowScriptAccess is "sameDomain", outbound scripting is allowed only if the SWF file and the web

page are in the same domain. This is the default for AVM2 content.

Get ADOBE® FLEX® 3: PROGRAMMING ACTIONSCRIPT™ 3.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ADOBE® FLEX® 3: PROGRAMMING ACTIONSCRIPT™ 3.0 by Adobe Systems

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly