Flash CS4 Resources
Controlling outbound URL access
Outbound scripting and URL access (through the use of HTTP URLs, mailto: and so on) are achieved through use of the following ActionScript 3.0 APIs:
For SWF files running locally, calls to these methods are successful only if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-with-networking or local-with-filesystem sandbox.
For SWF files that are not running locally, all of these APIs can communicate with the web page in which they are embedded, depending on the value of the AllowScriptAccess parameter described below. The flash.net.navigateToURL() function has the additional ability to communicate with any open browser window or frame, not just the page in which the SWF file is embedded. For more information on this functionality, see Using the navigateToURL() function.
The AllowScriptAccess parameter in the HTML code that loads a SWF file controls the ability to perform outbound URL access from within the SWF file. Set this parameter inside the PARAM or EMBED tag. If no value is set for AllowScriptAccess, the SWF file and the HTML page can communicate only if both are from the same domain.
The AllowScriptAccess parameter can have one of three possible values: "always", "sameDomain", or "never".
Here is an example of setting the AllowScriptAccess tag in an HTML page to allow outbound URL access to a different domain:
<object id='MyMovie.swf' classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' codebase='http://download.adobe.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0' height='100%' width='100%'> <param name='AllowScriptAccess' value='always'/> <param name='src' value=''MyMovie.swf'/> <embed name='MyMovie.swf' pluginspage='http://www.adobe.com/go/getflashplayer' src='MyMovie.swf' height='100%' width='100%' AllowScriptAccess='never'/> </object>
Using the navigateToURL() function
In addition to the security setting specified by the allowScriptAccess parameter discussed above, the navigateToURL() function has an optional second parameter - target. The target parameter can be used to specify the name of an HTML window or frame to send the URL request to. Additional security restrictions apply to such requests, and the restrictions vary depending on whether navigateToURL() is being used as a scripting or non-scripting statement.
For non-scripting statements (such as HTTP, HTTPS, and mailto:, the request fails if all of the following conditions apply:
For more information
For more information on outbound URL access, see the following entries in the ActionScript 3.0 Language and Components Reference: