The following advanced parameter must be set using the SWFObject, if one uses Flash 8 (and 9) ExternalInterface :

name = allowscriptaccess
value = always

As it is this parameter cannot be set with the swfobject module.

Since Flash 8 ExternalInterface is the standard way of having Flash talk to Javascript and have Javascript talk to Flash, rather than the old deprecated fscommand. It is also so MUCH more powerful.

Comments

Chill35’s picture

I am very familiar with the use of the swfobject library.
(http://www.blog.deconcept.com/swfobject/)

I know that the "allowscriptaccess" parameter must be set using the SWF method "addParam()" AFTER the creation of the Flash Object, on that object.

Here is a dirty trick to add the required parameter to make Flash ExternalInterface work :

add this line :

$output .= "$id.addParam('allowscriptaccess','always');\n";

after line 294 of swfobject.module (outside of the loop...)

The long and clean way would be to let the Drupal admin choose to add that parameter or not, which requires a little more work, i.e. adding that option in the collapsable & collapsed advanced menu of the configuration of the swfobject block.

Chill35’s picture

From "Web Design in a Nutshell" :

param name="allowScriptAccess" value="always|never|sameDomain"

This attribute controls the Flash movie's ability to access JavaScript or VBScript on the HTML page containing the Flash movie. Flash can call JavaScript or VBScript using functions using fscommand( ) or getURL( ) calls within the Flash movie. A value of sameDomain allows the Flash movie to access any script on the page as long as the HTML and .swf files reside on the same domain. A value of always allows the Flash movie to access any script on the page regardless of the domain, and a value of never prevents the Flash movie from accessing any scripts.

I can't remember for the life of me why "same" had not worked for me way back when I was testing ExpernalInterface with the SWFObject (from Geoff Stearns).

I also tested the UFO object which works reaallllllly welll, it is simpler than SWFObject AND IT IS OPEN SOURCE. :

http://www.bobbyvandersluis.com/ufo/

Chill35’s picture

Title: missing advanced parameter » Here is the clean change

After line 195 of swfobject.module, that is after this line :

);

Add the following block of code :


$form['opt']['swfobject_allowscriptaccess_'. $delta] = array(
'#type' => 'select',
'#title' => t('Allowscriptaccess'),
'#description' => t('This attribute controls the Flash movie\'s ability to access JavaScript on the HTML page containing the Flash movie. Flash can call JavaScript using fscommand( ) or getURL( ) within the Flash movie, or using the Flash 8 ExternalInterface class.

  • never prevents communication between JavaScript and Flash.
  • sameDomain enables Flash to access any script on the page as long as the HTML and .swf file reside on the same domain.
  • always allows the Flash movie to access any script on the page regardless of the domain.

'),
'#default_value' => variable_get('swfobject_allowscriptaccess_'. $delta,'never'),
'#options' => drupal_map_assoc(array('never','sameDomain','always')),
);

Chill35’s picture

Title: Here is the clean change » missing advanced parameter

Oups...

Here I go again :

  $form['opt']['swfobject_allowscriptaccess_'. $delta] = array(
        '#type' => 'select', 
        '#title' => t('Allowscriptaccess'), 
        '#description' => t('This attribute controls the Flash movie\'s ability to access JavaScript on the HTML page containing the Flash movie. Flash can call JavaScript using fscommand( ) or getURL( ) within the Flash movie, or using the Flash 8  ExternalInterface class.
                             <ul><li><b>never</b> prevents communication between JavaScript and Flash.</li>
                                 <li><b>sameDomain</b> enables Flash to access any script on the page as long as the HTML and .swf file reside on the same domain.</li>
                                 <li><b>always</b> allows the Flash movie to access any script on the page regardless of the domain.</li></ul>
                                 '),
        '#default_value' => variable_get('swfobject_allowscriptaccess_'. $delta,'never'),
        '#options' => drupal_map_assoc(array('never','sameDomain','always')),
      );
Chill35’s picture

I forgot something :

This line :

  // optional parameter fields                      
  $opt_params = array('wmode','play','loop','menu','quality','scale');

must be changed to that line :

  // optional parameter fields                      
  $opt_params = array('wmode','play','loop','menu','quality','scale','allowscriptaccess');

I tested it and it works great.

Chill35’s picture

My posts no 4 and 5 ARE the clean change.

Post no 1 suggestion, a.k.a. the dirty fix, is really not suitable as it hard-codes the parameter.

I'd love to see this added to the module.

I unfortunately don't have time to create a patch myself, I hope that somebody else will!

Chill35’s picture

Version: 4.7.x-1.x-dev » master
Component: User interface » Code
Chill35’s picture

Priority: Normal » Minor
Status: Active » Closed (fixed)

According to Macromedia (http://www.adobe.com/devnet/flash/articles/external_interface_print.html) :

allowScriptAccess default: For SWFs of Flash Player 8 and later, the default value for the HTML allowScriptAccess parameter is "sameDomain" rather than "always". This does not affect SWFs of Flash Player 7 or earlier. The allowScriptAccess parameter controls whether SWFs may call out to JavaScript in HTML pages. (...)
If allowScriptAccess is not explicitly specified by an HTML page, the default value for the embedded SWF file is set to "sameDomain" in Flash Player 8 and to "always" in earlier versions (...)
JavaScript functions can be called only from the same domain in a web page. However, when you test it locally and from another domain, the SWF file is set to allowScriptAccess = "always".

I tested ExternalInterface with Flash in Drupal using the swfObject module without any change to it, and it worked grrrreat. I will test more if I get more time.

So Macromedia is right : in both Firefox and IE 7, in Windows, the default allowscriptaccess property is set to sameDomain, so there's no need to set it in Drupal. ("sameDomain" is the way to go when one uses ExternalInterface, even on a local machine, given that there's a server).

I confirm that without a server, it won't work. But then Drupal won't work either. So that's not an issue.

Sorry for that! I was wrong.