如何在JavaScript和Flash之间进行跨域通信?
[英]How to make cross-domain communication between JavaScript and Flash?
问题描述
How do I open 'cross-domain security', so the JavaScript on the page can freely communicate with the SWF, even when this is hosted on another domain? 
如何打开“跨域安全性”,以便页面上的JavaScript可以自由地与SWF通信,即使这是在另一个域上托管的?
I know for certain that this function communication is blocked by default, but by playing around with a file called "crossdomain.xml" and the actionscript 3 function: system.Security.allowDomain("*"). 我确实知道默认情况下会阻止此函数通信,但是通过使用名为“crossdomain.xml”的文件和actionscript 3函数:system.Security.allowDomain(“*”)。 I'm not having full success though, and I don't have the insight to know which one is opening up for what. 虽然我没有取得足够的成功,但我没有洞察力知道哪一个是开放的。
Is there other hidden security layers, that I need to think of in this scenario? 是否有其他隐藏的安全层,在这种情况下我需要考虑哪些?
And am I opening up my code for potential hackers somehow by doing this setup? 我是否通过这种设置以某种方式为潜在的黑客开放我的代码?
(and in case you're wondering: Yes, I have to make this work in a scenario, where the html is hosted on one domain, the JavaScript is added externally from another domain and the SWF is embedded by the JavaScript from a third domain - don't ask why, it's too complicated to explain - I too wish I could just host the whole thing in one domain). (如果您想知道:是的,我必须在一个场景中进行此工作,其中html托管在一个域上,JavaScript从另一个域外部添加,而SWF由来自第三个域的JavaScript嵌入 - 不要问为什么,解释起来太复杂了 - 我也希望我能在一个域中托管整个事情。
2 个解决方案
解决方案1
17 已采纳 2009-01-16 23:53:39
Using Security.allowDomain("www.example.com") in the SWF will allow JS in a page from www.example.com to call functions exposed in the SWF with ExternalInterface.addCallback() . 在SWF中使用Security.allowDomain("www.example.com")将允许来自www.example.com的页面中的JS使用ExternalInterface.addCallback()调用SWF中公开的函数。 The domain and subdomain must match exactly. 域和子域必须完全匹配。 Using "*" will allow any domain to communicate with the SWF, but if you have one specific domain, it's better to use that. 使用"*"将允许任何域与SWF通信,但如果您有一个特定域,则最好使用它。
Setting allowScriptAccess to always in the HTML embed code will allow the SWF to to call JavaScript functions. 将allowScriptAccess设置为always在HTML嵌入代码中将允许SWF调用JavaScript函数。
One thing that catches many developers is that JavaScript will not be able to call functions on the SWF until the SWF is done loading. 捕获许多开发人员的一件事是,在SWF完成加载之前,JavaScript将无法调用SWF上的函数。 Unfortunately, there is no JS-based event that tells you when the SWF is ready (at least that I've found). 不幸的是,没有基于JS的事件可以告诉你什么时候SWF准备好了(至少我发现了)。 What I usually do to work around this problem is call a JS function from the SWF immediately when the SWF finishes loading to notify the page that the SWF is ready. 我通常做的解决这个问题的方法是在SWF完成加载时立即从SWF调用JS函数,以通知页面SWF已准备就绪。
There's some abstraction here and there, but if you take a look at the source code for YUI Charts , you might be able to figure out how Yahoo! 这里和那里有一些抽象,但如果你看一下YUI Charts的源代码,你或许可以弄明白Yahoo! got crossdomain JS/SWF communication working. 得到跨域JS / SWF通信工作。
解决方案2
1 2012-06-29 22:50:03
One thing I'd add to the previous answer: If you try the above code and it doesn't work, check to see if your site's address includes the "www" or not. 我在上一个答案中添加了一件事:如果你尝试上面的代码并且它不起作用,请检查你的网站的地址是否包含“www”。 Mine did not and didn't work if I wrote it as 如果我把它写成,那么我没有也没有工作
Security.allowDomain("www.jeremy-knight.com");
I needed to write it as: 我需要把它写成:
Security.allowDomain("jeremy-knight.com");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.