Using AllowScriptAccess to control outbound scripting from Macromedia Flash
TheAllowScriptAccess parameter of the Macromedia Flash Player controls the ability to perform outbound scripting from within a Flash SWF. This feature requires Flash Player 6,0,40,0 or later.
Outbound scripting is achieved through use of FSCommand actions or getURL actions that specify a scripting statement.
Web pages that host Flash movies can set the parameter for the Macromedia Flash Player from the HTML code (PARAM tag for Internet Explorer, EMBED tag for Netscape Navigator).
AllowScriptAccesscan have two possible values: "always" and "never":  |
When AllowScriptAccess is "never", outbound scripting will always fail. |
| |
When AllowScriptAccess is "always", outbound scripting will always succeed. |
| |
IfAllowScriptAccess is not specified by an HTML page, it defaults to "always". |
Note:Earlier versions of the player will ignore this parameter, generally behaving as though AllowScriptAccess were set to "always".
Object Tag Example:
<PARAM NAME="AllowScriptAccess" VALUE="never">
Embed Tag Example:
<EMBED href="/support/flash/ts/documents/display.swf" AllowScriptAccess="never" ... (other parameters)></EMBED>
AllowScriptAccesscan prevent a SWF file hosted from one domain from accessing a script in an HTML page that comes from another domain. Using AllowScriptAccess="never" for all SWF files hosted from another domain can ensure security of scripts located in an HTML page.
For complete information on the potential security issue with allowing script access for SWF files from another domain, refer to Macromedia Flash Player Cross Server Scripting Security Issue.
Additional information
For information on how to detect Macromedia Flash Player, refer toHow to detect the presence of the Flash Player (TN 14526). The Macromedia Flash Detection Kit is the recommended method of detection, and will allow you to require a specified release version of Macromedia Flash Player.Macromedia is committed to the security of the Macromedia Flash Player, and invests considerable ongoing effort to ensure that the security and privacy of all Macromedia Flash Player users and all websites serving Macromedia Flash content are protected. For more information, or to report an issue to Macromedia, please refer to Macromedia Security Zone.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
