Developer Guide
If you published a version 6 SWF file and created persistent shared objects from it, to retrieve those persistent shared
objects from a SWF that uses ActionScript 3.0, you must set
Security.exactSettings to false before calling
Setting LocalConnection permissions
The LocalConnection class lets you develop SWF files that can send instructions to each other. LocalConnection
objects can communicate only among SWF files that are running on the same client computer, but they can be
running in different applications—for example, a SWF file running in a browser and a SWF file running in a
For every LocalConnection communication, there is a sender SWF file and a listener SWF file. By default, Flash
Player allows LocalConnection communication between SWF files in the same domain. For SWF files in different
sandboxes, the listener must allow the sender permission by using the
LocalConnection.allowDomain() method.
The string you pass as an argument to the
LocalConnection.allowDomain() method can contain any of the
following: exact domain names, IP addresses, and the
* wildcard.
Note: The
allowDomain() method has changed from the form it had in ActionScript 1.0 and 2.0. In those earlier
allowDomain() was a callback method that you implemented. In ActionScript 3.0, allowDomain() is a
built-in method of the LocalConnection class that you call. With this change,
allowDomain() works in much the same
way as
A SWF file can use the
domain property of the LocalConnection class to determine its domain.
Controlling access to scripts in a host web page
Outbound scripting is achieved through use of the following ActionScript 3.0 APIs:
The flash.system.fscommand() function
The function (when specifying a scripting statement, such as
navigateToURL("javascript: alert('Hello from Flash Player.')")
The function (when the window parameter is set to "_top", "_self", or
The method
For SWF files running locally, calls to these methods are successful only if the SWF file and the containing web page
(if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-
with-networking or local-with-filesystem sandbox.
AllowScriptAccess parameter in the HTML code that loads a SWF file controls the ability to perform
outbound scripting from within a SWF file.
Set this parameter in the HTML code for the web page that hosts a SWF file. You set the parameter in the
EMBED tag.
AllowScriptAccess parameter can have one of three possible values: "always", "sameDomain", or "never":
When AllowScriptAccess is "sameDomain", outbound scripting is allowed only if the SWF file and the web
page are in the same domain. This is the default for AVM2 content.

Get ADOBE® FLEX® 3: PROGRAMMING ACTIONSCRIPT™ 3.0 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.