09/04/08 Flash Player security update

Upcoming flash player update? Uh oh…

Well, I’m all for continually updating and improving products, but in the case of Flash it’s a real problem when it interferes with backwards-compatability and certain methods of working. I am of course, referrring to the issues that were encountered with sIFR Flash links, caused by the Flash Player version 9.0.115 (kudos to Mark Wubben for explaining this to me) and also in more general terms to the introduction of a rigid security model with Flash Player 8.

While we’re always doing our best to code in the most secure, efficent ways - like for example, using the ExternalInterface class as opposed to communicating with javascript via getURL(javascript:) [1] - there’s situations where these techniques weren’t available at the time they were written, and these are going to be broken by the update.

Adobe’s solution?

If your content is using “javascript:” within the prohibited networking APIs, you will need to rewrite your content. Developers are encouraged to use the ExternalInterface class for JavaScript-to-ActionScript communication.

Rewrite your code?! That like, must be breaking some unwritten rule of versioning, surely? Files published under a different version shouldn’t be mercy to the whims of newer players - otherwise, what’s the point?

Thanks to UnitZeroOne for their article which tipped me off.