[ Pobierz całość w formacie PDF ]
.2 and later.Earlier versions do not support Flash JavaScript methods andFSCommand in Netscape 6.2 or later.For Netscape 6.2 and later, you do not need to set swLiveConnect to true.However, settingswLiveConnect to true has no adverse effects.Flash Player security featuresBy default, Flash Player 7 and later prevents a SWF file served from one domain from accessingdata, objects, or variables from SWF files that are served from different domains cannot accesseach other s objects and variables.In addition, content that is loaded through nonsecure (non-HTTPS) protocols cannot access content loaded through a secure (HTTPS) protocol, even whenboth are in exactly the same domain.For example, a SWF file located at http://www.macromedia.com/main.swf cannot load data from https://www.macromedia.com/data.txtwithout explicit permission.Nor can a SWF file served from one domain load data (usingloadVariables(), for example) from another domain.Identical numeric IP addresses are compatible.However, a domain name is not compatible withan IP address, even if the domain name resolves to the same IP address.The following table shows examples of compatible domains:www.macromedia.com www.macromedia.comdata.macromedia.com data.macromedia.com65.57.83.12 65.57.83.12The following table shows examples of incompatible domains:www.macromedia.com data.macromedia.commacromedia.com www.macromedia.comwww.macromedia.com macromedia.com65.57.83.12 www.macromedia.com (even if this domain resolves to 65.57.83.12 )www.macromedia.com 65.57.83.12 (even if www.macromedia.com resolves to this IP)188 Chapter 10: Working with External DataFor information on how to permit a SWF file served from one domain to access data, objects, orvariables from SWF files that are served from another domain, see About allowing data accessbetween cross-domain SWF files on page 189.For information on how to permit a SWF fileserved from a secure (HTTPS) protocol to access data, objects, or variables from SWF files thatare served from insecure protocols, see About allowing HTTP to HTTPS protocol accessbetween SWF files on page 190.For information on how to permit a SWF file served from onedomain to load data (using loadVariables(), for example) from another domain, see Aboutallowing cross-domain data loading on page 190.For information about how these security changes affect content authored in Flash MX andearlier, see About compatibility with previous Flash Player security models on page 191.About allowing data access between cross-domain SWF filesOne SWF file can load another SWF file from any location on the Internet.However, in order forthe two SWF files to be able to access each other s data (variables and objects), the two files mustoriginate from the same domain.By default, in Flash Player 7 and later, the two domains mustmatch exactly in order for the two files to share data.However, a SWF file may grant access toSWF files served from specific domains by calling LocalConnection.allowDomain orSystem.security.allowDomain().For example, suppose main.swf is served from www.macromedia.com.That SWF file then loadsanother SWF file (data.swf) from data.macromedia.com into a movie clip instance (target_mc).// In macromedia.swftarget_mc.loadMovie("http://data.macromedia.com/data.swf");Furthermore, suppose that data.swf defines a method named getData() on its main Timeline.By default, main.swf cannot call the getData() method defined in data.swf once that file hasloaded.This is because the two SWF files don t reside in the same domain.For example, thefollowing method call in main.swf, once data.swf has loaded, will fail.// In macromedia.swf, after data.swf has loaded:target_mc.getData(); // This method call will failHowever, data.swf may grant access to SWF files served from www.macromedia.com by using theLocalConnection.allowDomain handler or the System.security.allowDomain() method,depending on the type of access required.The following code, added to data.swf, allows a SWFfile served from www.macromedia.com to access its variables and methods:// Within data.swfSystem.security.allowDomain("www.macromedia.com");my_lc.allowDomain = function(sendingDomain) {return(sendingDomain=="www.macromedia.com");}Notice that allowDomain permits any SWF file in the allowed domain to script any other SWFfile in the domain permitting the access, unless the SWF file being accessed is hosted on a siteusing a secure protocol (HTTPS).In this case, you must use allowInsecureDomain instead ofallowDomain; see About allowing HTTP to HTTPS protocol access between SWF files below.For more information on domain-name matching, see Flash Player security featureson page 188.Flash Player security features 189About allowing HTTP to HTTPS protocol access between SWF filesAs discussed in the previous section, you must use an allowDomain handler or method to permita SWF file in one domain to be accessed by a SWF file in another domain
[ Pobierz całość w formacie PDF ]