09/04/08 Flash Player security update

by James on 16th March, 2008 in Flash

Well, I’m all for continually updating and improving products, but in the case of Flash it’s a real problem when it interferes with backwards-compatability and certain methods of working. I am of course, referrring to the issues that were encountered with sIFR Flash links, caused by the Flash Player version 9.0.115 (kudos to Mark Wubben for explaining this to me) and also in more general terms to the introduction of a rigid security model with Flash Player 8.

While we’re always doing our best to code in the most secure, efficent ways – like for example, using the ExternalInterface class as opposed to communicating with javascript via getURL(javascript:) [1] – there’s situations where these techniques weren’t available at the time they were written, and these are going to be broken by the update.

Adobe’s solution?

If your content is using “javascript:” within the prohibited networking APIs, you will need to rewrite your content. Developers are encouraged to use the ExternalInterface class for JavaScript-to-ActionScript communication.

Rewrite your code?! That like, must be breaking some unwritten rule of versioning, surely? Files published under a different version shouldn’t be mercy to the whims of newer players – otherwise, what’s the point?

Thanks to UnitZeroOne for their article which tipped me off.

ExternalInterface, Flash Player Security, Flash to Javascript Communication, getURL, JavaScript

About James

James is a Senior New Media Developer at MMT Digital, and has BA(Hons) in Design for Interactive Media from the University of Gloucestershire. He loves designing and producing all sorts of website and Flash-related things, as well as prattling on about technologies.Day-to-day he works with Flash, Dreamweaver, Director, Microsoft Office Sharepoint Server 2007 (MOSS) and in his spare time he mucks about in Flex and Wordpress.Follow James on Twitter.