We have
navigateToURL((new URLRequest(urlToLoad)), "_self");
in ActionScript. urlToLoad is received from param.
urlToLoad = loaderInfo.parameters[param]
So if someone would call our swf with
param=javascript:alert(document.domain)
it would show classic XSS technique in AS. Unfortunatelly, we also use that. I know that we should remove such mechanism, but it will have to wait until we switch to html5. I did search for solution all over the Internet (Google & Bing), but couldn't find acceptable solution.
Is there some way to white list only several of our own functions?
Related
I am using Vimeo's Flash API so that I can embed and read the timecode of a video using the playProgressHandler, pause it at certain times, pop a menu, and use buttons that trigger seekTo calls. Although everything works, the timecode is inaccurate to varying degrees. Anywhere from 1-2 seconds. I can tell this because:
1) If I play my video on Vimeo and pause it at 6:03 and do the same with it embedded in Flash the visuals do not match up. Flash is lagging behind a tad.
2) I did a test using the JavaScript API. My seekTo calls were consistently accurate. To seek to the same spot using the AS3 API I had to add 1.5 seconds. But even this isn't foolproof. Sometimes it works, but sometimes it's still off.
Any ideas what would account for this inaccuracy and how I might fix this problem? Yes, I can ditch the AS3 and use the JS version, but I'd prefer to just fix what I've already built.
(I also posted this on Vimeo's forum, but I'm following their "Limited support in API Forum" post which suggests to post here)
Unfortunately, there's not much we can do to fix this other than to recommend that you use our iframe embed.
It has to do with the way that we retrieve files from our CDN. Because Flash doesn't support byterange requests, we pass a parameter that returns part of the file starting at that position. The nature of how that works means it's always going to be imprecise.
I'm very frustrated with Google DoubleClick's AS3 documentation. I'm not an advanced ActionScript coder and I have limited experience with streaming video, but I feel like their API is omitting a lot of information about how these classes actually work.
I'm attempting to load an FLV to play in an expanded unit. Their video component API shows how to control playback of a video, but it doesn't say anything about how to actually load an flv file through code into the component.
http://www.google.com/doubleclick/studio/docs/sdk/flash/as3/en/com_google_ads_studio_video_VideoPlayer.html
I found a controller API, but I have no idea how a "controller" works, or what it is, and the API doesn't explain anything outside of vague general information. I assume the controller needs to be somehow associated with the video player component, but there's nothing anywhere on Google that explains this in any form.
http://www.google.com/doubleclick/studio/docs/sdk/flash/as3/en/com_google_ads_studio_video_VideoController.html
So, in conclusion, what I want is simple. I want to programically load an flv file into a video component on the stage, and have it play. I feel like this is a simple thing to do. I can do this with netstream objects and regular means, but Google has explained nothing in it's API on how to achieve this in studio rich media, and I have no idea how the inner workings of it's components function. Can anyone tell me how to achieve this?
For using video in Studio, you use either the basic or advanced video player component, and component inspector to specify your video, then upload all your assets.
You can literally browse through hundreds of templates, including filtering for features like video, and choose one that best fits your needs along with documentaion here.
http://www.richmediagallery.com/resources/template-database
Basic video overview
https://support.google.com/richmedia/answer/1719810?hl=en
I could only add 2 links to my answer above
Here is the AS3 API for video
http://www.google.com/doubleclick/studio/docs/sdk/flash/as3/en/com_google_ads_studio_video_VideoPlayer.html
And the one for video player advanced
http://www.google.com/doubleclick/studio/docs/sdk/flash/as3/en/com_google_ads_studio_video_VideoPlayerAdvanced.html
I'm trying to make a google maps style interface for a design project. I've got the drag/drop and zoom functions working, but I also want to make it react to gestures on a trackpad (macbook). I assumed 'listening' to the event.delta of a MouseEvent would do the trick, but somehow it's not working. So what's wrong with my code?
stage.addEventListener(MouseEvent.MOUSE_WHEEL, onMouseWheelEvent);
function onMouseWheelEvent(event:MouseEvent):void {
tafelOrigineel_mc.y += event.delta;
}
I have loaded the flash MouseEvents earlier in the document, so that shouldn't be the problem. After I got this working, I will try to use it on the x-axis too. Is that possible with the MOUSE_WHEEL eventlistener?
Thx in advance
It is a long time problem regarding flash player on MacOS.
MOUSE_WHEEL event won't dispatch on MacOS. Though there are some workarounds involving the use of JavaScript to detect the use of the wheel (over the entire flash content), if it isn't a issue, try checking one of those.
There is a list in this blog post:
http://www.impossibilities.com/v4/2009/03/06/flash-mousewheel-implementations-for-mac-os-x/
Suppose I have a flash application; let's say a chess game. The user is playing against a computer opponent. After every move, I want the flash application to add the move's "description" into the HTML of the page.
Does flash have this ability?
Are there any common round-about ways of doing this? Maybe the flash app updates a database, and some AJAX on the page frequently checks the database and adds content when appropriate.
Are there any examples on the web of this type of functionality?
From ActionScript, you can use ExternalInterface to call Javascript functions in the client browser, so yes, this is possible.
I see in my ActionScript 3.0 Bible, chapter 36 "Interfacing with JavaScript" that you can use flash.external.ExternalInterface to "both call JavaScript functions from Flash and to call ActionScript functions from JavaScript".
Therefore, you can change any DOM element from a JavaScript that you activate from Flash.
Your ActionScript code can access javascript methods that update the page's DOM.
You can access Javascript methods using the ExternalInterface class. more details at:
http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/external/ExternalInterface.html
I'm downporting some ActionScript 3 to ActionScript 2 (some ad agencies sadly still refuse to embrace the future) and I've run into the issue that in ActionScript 2 ExternalInterface has no objectID property, as it does in ActionScript 3.
The code I'm working on calls a lot of JavaScript, and some of that code requires the script to know the ID of the Flash object/embed (for example to find the position on the page, and to resize the object/embed).
Is there a simple workaround to get hold of the object/embed ID in ActionScript 2?
I have managed to write some JavaScript code that basically searches all object and embed nodes on the page until it finds one with a special method (set with ExternalInterface.addCallback) and that way managed to get the ID into the ActionScript environment, but it feels like a hacky and unsafe method to rely on. Surely there is a simpler way?
Edit: I don't have control over the code that embeds the SWF, so passing in the ID doesn't work.
Is this what you looking for?
Simple actionscript 2 class that find it owns flash html object id.
http://sourceblogg.se/lang/en/mina-projekt/isitme-get-flash-html-object-id-within-flash/
What about passing the ID to the SWF via FlashVars? You should know the ID when you embed it, so it should be easy enough to add it as one of the FlashVars variables passed to Flash. Then store that somewhere your code that calls ExternalInterface can get at it.
Try the Flash Javascript Integration kit http://weblogs.macromedia.com/flashjavascript/ .
As far as I'm aware, the ExternalInterface class in AS3 was a formalisation of this AS2 solution.