User Guide

ManualsBrandsMacromedia ManualsOtherFLEX 2-PROGRAMMING ACTIONSCRIPT 3.0

481

482

483

484

485

486

487

488

489

490

Controlling access to scripts in a host web page 481

Setting LocalConnection permissions

The LocalConnection class lets you develop SWF files that can send instructions to each

other. LocalConnection objects can communicate only among SWF files that are running on

the same client computer, but they can be running in different applications—for example, a

SWF file running in a browser and a SWF file running in a projector.

For every LocalConnection communication, there is a sender SWF file and a listener SWF

file. By default, Flash Player allows LocalConnection communication between SWF files in

the same domain. For SWF files in different sandboxes, the listener must allow the sender

permission by using the

LocalConnection.allowDomain() method. The string you pass as

an argument to the

LocalConnection.allowDomain() method can contain any of the

following: exact domain names, IP addresses, and the

* wildcard.

A SWF file can use the

domain property of the LocalConnection class to determine its

domain.

Controlling access to scripts in a host

web page

Outbound scripting is achieved through use of the following ActionScript 3.0 APIs:

■ The flash.system.fscommand() function

■ The flash.net.navigateToURL() function (when specifying a scripting statement, such

navigateToURL("javascript: alert('Hello from Flash Player.')")

■ The flash.net.navigateToURL() function (when the window parameter is set to

"_top", "_self", or "_parent")

■ The ExternalInterface.call() method

For SWF files running locally, calls to these methods are sucessful only if the SWF file and the

containing web page (if there is one) are in the local-trusted security sandbox. Calls to these

methods fail if the content is in the local-with-networking or local-with-filesystem sandbox.

The

AllowScriptAccess parameter in the HTML code that loads a SWF file controls the

ability to perform outbound scripting from within a SWF file.

NOTE

The allowDomain() method has changed from the form it had in ActionScript 1.0 and

2.0. In those earlier versions, allowDomain() was a callback method that you

implemented. In ActionScript 3.0, allowDomain() is a built-in method of the

LocalConnection class that you call. With this change, allowDomain() works in much

the same way as Security.allowDomain().