Is it possible to access static fields declared in a host application by movies loaded dynamically using SWFLoader

views:

466

answers:

Is it possible to access static fields declared in a host application by movies loaded dynamically using SWFLoader

Is it possible to access declared static fields in a host by a dynamically loaded movie (provided the loaded movie is from a fully trusted domain).

My main concern is to make sure we don't expose data to loaded swf's, but want to still listen to events (via hosted apps callback functions) fired by the loaded swf.

UPDATE

SWFLoader (for flex) and Loader (flash) do vary. SWFLoader wraps Loader, but until Flex API 3.2 (or 3.3?) it seems you can't get direct access to the loaders contentLoaderInfo, which is used as the link to the loaded swf's loaderInfo without having to access first the content property of the host swfloader. In Flex 3.3, they introduce a proprety on SWFLoader.swfBridge that (looking at the source code) exposes the contentLoaderInfo.sharedEvents object of the nested Loader.

But there still seems to be an issue : swfBridge (on the event.COMPLETE) seems to be null?

So how do we get host SWFLoader's contentLoaderInfo.sharedEvents object ?

+1 A:

If you're application A.swf loads a file B.swf from a different domain, and on B.swf's domain there is a crossdomain policy file allowing A.swf to access B.swf's content, yes you can access pretty much all there is inside the B.swf including static fields. You read those using the TextSnapshot class.

If you want A.swf to load B.swf from a different domain, but don't want A.swf to have access to B.swf's content, simply don't allow it to, as for events, I remember there was something called SharedEvents. I was lucky enough not to need this yet, but I remember reading about this in Essential Actionscript 3.0. There was a whole boring chapter about Security. Sorry I can't provide a more concrete example as I'm not responding from my personal experience.

Goodluck!

George Profenza 2009-05-03 14:17:51

It would nice that the loaded coded only gets access via classes and functions the host app passes in. ie. registering an event listener. Say if we have a clase A, with static variable (a var not a const) B ie. A.B, if we call A.B in the host app, and A.B in the loaded swf, does the loaded app see the same B ?

nso1 2009-05-05 12:05:27

Shared events looks interesting.

nso1 2009-05-05 12:06:16

It's possible to have class A with static propery B which initially is null and is assigned a value in the Event.INIT handler, but it depends how much you go into B. If you are going to use A.B.doSomething(), that means you will be calling method doSomething inside B.swf, therefore accessing Loader.contents which should throw a Security Sandbox Error as you're not allowed to look inside the contents without permission. SharedEvents might be you're best bet.Have look in chapter 19 of Essential Actionscript 3.0. There is a scenario with a guy loading a banner from a separat domain.

George Profenza 2009-05-05 18:49:42

I don't know if I'm allowed to do this, hope it's ok with O'Reilly...it's just a bit of text:"Insomecases, .swf filesfromdifferent domainsmaywishtoshareeventswithout allowingfull cross-scriptingprivileges. Toaccount forsuchsituations, FlashPlayer provides the LoaderInfoclass’s instance variable sharedEvents. The sharedEvents variableisasimple, neutral object throughwhichtwo.swf filescanpasseventsto eachother, regardless of security restrictions. The technique allows event-based inter-.swf communicationwithoutsecurityconcessionsbutinvolvesmorecodethan theallowDomain() alternative." ...

George Profenza 2009-05-05 18:56:42

"Let’sexploresharedEventsthroughanexamplescenario.SupposeTommyrunsafire- workscompanywithaFlash-basedpromotionalwebsite,www.blast.ca.Tommyhires acontractor,Derek,toproduceaself-containedmouseeffectthatrandomlygenerates animatedfireworkexplosions behindthemousepointer. Derekcreates a.swf file, MouseEffect.swf, containingthe effect, andposts it at www.dereksflasheffects.com/ MouseEffect.swf. Derektells TommytoloadMouseEffect.swf intohis application, www.blast.ca/BlastSite.swf. DerekandTommyagreethat MouseEffect.swf " ...

George Profenza 2009-05-05 18:57:30

"shouldbe hostedatwww.dereksflasheffects.comsothatDerekcaneasilyupdatethefilewithout requiring any changes to Tommy’s web site. Tommyasks DerektomakeMouseEffect.swf stopgeneratingexplosions whenthe mousepointerleavesFlashPlayer’sdisplayarea. Derekthinksthat’sasensibleidea andstarts writingtheappropriatecode. Normally, inorder todetect themouse’s departurefromFlashPlayer’sdisplayarea,codeinMouseEffect.swfwouldregisterfor Event.MOUSE_LEAVEeventswiththeStageinstance. However, becauseMouseEffect.swf andBlastSite.swfcomefromdifferentdomains, MouseEffect.swfdoesnothaveaccess" ...

George Profenza 2009-05-05 18:57:53

"tothe Stage instance. Tommy decides that, rather thangive MouseEffect.swf full access to BlastSite.swf, he’ll simply forward all Event.MOUSE_LEAVE events to MouseEffect.swf viasharedEvents. Example12-6 shows the relevant event-forwarding code fromBlastSite.swf." ...

George Profenza 2009-05-05 18:58:41

"Example12-6.Forwarding an event through sharedEvents package { import flash.display.*; import flash.net.*; import flash.events.*; import flash.system.*; public class BlastSite extends Sprite { private var loader:Loader; public function BlastSite () { // Load MouseEffect.swf loader = new Loader(); loader.load( new URLRequest("http://www.dereksflasheffects.com/MouseEffect.swf")); addChild(loader); // Register for Event.MOUSE_LEAVE events stage.addEventListener(Event.MOUSE_LEAVE, mouseLeaveListener); } "..

George Profenza 2009-05-05 18:59:19

" // When Event.MOUSE_LEAVE occurs... private function mouseLeaveListener (e:Event):void { // ...forward it to MouseEffect.swf loader.contentLoaderInfo.sharedEvents.dispatchEvent(e); } } } "

George Profenza 2009-05-05 18:59:30

"Handling Events Across Security Boundaries | 239 Example12-7 shows the relevant event-handling code fromMouseEffect.swf: Example12-7.Handling an Event Targeted at sharedEvents package { import flash.display.Sprite; import flash.events.*; public class MouseEffect extends Sprite { public function MouseEffect () { // Register for Event.MOUSE_LEAVE with sharedEvents loaderInfo.sharedEvents.addEventListener(Event.MOUSE_LEAVE, mouseLeaveListener); }

George Profenza 2009-05-05 19:00:13

" // Handles Event.MOUSE_LEAVE events targeted at sharedEvents private function mouseLeaveListener (e:Event):void { trace("MouseEffect.mouseLeaveListener() was invoked..."); // Stop the explosions effect here... } } } DerekgetspaidandputsthemoneytowardsatriptoJapan. Tommyishappywith the explosion effect, although he’s not sure it has increased his sales. " Quote from Essential Actionscript 3.0 by Colin Moock, published by O'Reilly. All rights and copyright goes to them obviously. I was just citing and hope that's ok :)

George Profenza 2009-05-05 19:01:43

It was chapter 12.Events and Event Handling, not 19, but 19 is handy as well: Flash Player Security Restrictions.Goodluck

George Profenza 2009-05-05 19:02:43

ansaurus

tags:

views:

answers:

Is it possible to access static fields declared in a host application by movies loaded dynamically using SWFLoader

related questions