Table of Contents
Advertisement
If two SWF files written with ActionScript 3.0 are served from different domains—for
example, http://siteA.com/swfA.swf and http://siteB.com/swfB.swf—then, by default, Flash
Player does not allow swfA.swf to script swfB.swf, nor swfB.swf to script swfA.swf. A SWF file
gives permission to SWF files from other domains by calling
calling
Security.allowDomain("siteA.com")
permission to script it.
In any cross-domain situation, it is important to be clear about the two parties involved. For
the purposes of this discussion, the side that is performing the cross-scripting is called the
accessing party (usually the accessing SWF), and the other side is called the party being accessed
(usually the SWF being accessed). When siteA.swf scripts siteB.swf, siteA.swf is the accessing
party, and siteB.swf is the party being accessed, as the following illustration shows:
siteA.com / swfA.swf
SWF
var url:String = "http://siteB.com/swfB.swf";
var req:URLRequest = new URLRequest(url);
myLoader.load(req);
myLoader.content.eggCount = 3;
myLoader.content.DisplayEggs();
cross-script
3
Security.allowDomain("siteA.com");
var eggCount:Number;
function DisplayEggs() { ... };
Cross-domain permissions that are established with the
are asymmetrical. In the previous example, siteA.swf can script siteB.swf, but siteB.swf cannot
script siteA.swf, because siteA.swf has not called the
give SWF files at siteB.com permission to script it. You can set up symmetrical permissions by
having both SWF files call the
, swfB.swf gives SWF files from siteA.com
permission
2
siteB.com / swfB.swf
Security.allowDomain()
Security.allowDomain()
load
1
SWF
Security.allowDomain()
Security.allowDomain()
method.
. By
method
method to
Cross-scripting
471
Advertisement
Chapters
Table of Contents
