Read flash variable from external domain with javascript

Posted on 2006-04-06
Last Modified: 2012-05-05
Dear Experts,

Anyone know if it's possible to avoid flash sandbox security to read a variable inside an swf from a javascript?

I don't need to pass the variable from flash to javascript calling some function, I need to directly read a variable inside flash using flash_object.GetVariable("myvariable");

More details:
I have the following.
A Swf file called test.swf with just these two lines:
var test="12345";
stop();

then I have a test_readflashvar.js file on the same site with just the flash object code that is written through document.write
and a javascript function testing() that tries to read variable test inside swf.
I have a timer that executes it every x secs.

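function write_flash_object(url) {
    // code that writes my flash object to the document
}

function testing() {
    var o = getFlashMovieObject("flashobj"); // function that searches for the flash object
    if (o == null || o.PercentLoaded() < 100) return; // wait until the movie is fully loaded
    alert(o.GetVariable("j")); // the line referred to below
}
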

Then I add the script to any of my websites (a different domain from where the swf file is located): <script src="http://target_domain/test_readflashvar.js"></script>

And when I load the page with the included script, and it executes the line alert(o.GetVariable("j")); I get the unspecified javascript error (=security access error).

Can anyone give a hint to overpass flash sandbox security control?

Question by:luigidenaro

    Expert Comment

    The problem is on the javascript side, I think.
    In JS you cannot access any variable/object/function if they are not on the same domain (through an iframe for example).
    That's a browser security issue.
    Maybe this applies to flash objects too if they are not on the same domain as the script.

    Author Comment

    It's a flash plugin security issue, I know, but maybe someone knows an alternative way to overpass it.

    Author Comment

    Well, after trying and trying I found the solution.
    Using this directive on the main flash avoids security restrictions for any domain."*");
    If you want to allow just one domain then it is as simple as replacing the * with a domain, in the way

    The problem with this is that the swf remains exposed for external hacking.

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator
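
An added example, not part of the original thread: a Python check that flags SWF files granting cross-domain scripting to every domain, the exposure the author notes above. It assumes the directive in question is ActionScript 2's System.security.allowDomain (the thread's own text of it is cut off) and treats a constant pool holding both that name and "*" as a wildcard grant. It is a heuristic for AS1/AS2 movies only, and make_sample builds constructed test input.

```python
import struct
import zlib

GRANTS = {"allowDomain", "allowInsecureDomain"}  # assumed AS2 method names

def swf_body(data: bytes) -> bytes:
    """Return the SWF bytes after the 8-byte header, inflating CWS files."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS SWF")
    return zlib.decompress(data[8:]) if data[:3] == b"CWS" else data[8:]

def constant_pools(body: bytes):
    """Yield the strings of every well-formed ActionConstantPool (0x88)."""
    pos = body.find(b"\x88")
    while pos != -1 and pos + 5 <= len(body):
        length, count = struct.unpack_from("<HH", body, pos + 1)
        raw = body[pos + 5 : pos + 3 + length]
        parts = raw.split(b"\x00")
        # Accept only if the record holds exactly `count` NUL-terminated strings.
        if count and len(raw) == length - 2 and len(parts) == count + 1 and not parts[-1]:
            yield [p.decode("latin-1") for p in parts[:-1]]
        pos = body.find(b"\x88", pos + 1)

def audit_swf(data: bytes) -> str:
    """Classify a movie as 'wildcard', 'restricted' or 'none' (heuristic)."""
    verdict = "none"
    for pool in constant_pools(swf_body(data)):
        if GRANTS & set(pool):
            if "*" in pool:
                return "wildcard"  # flag for manual review
            verdict = "restricted"
    return verdict

def make_sample(strings, compress=True) -> bytes:
    """Constructed test input: a header plus one constant pool, not a playable movie."""
    pool = b"".join(s.encode() + b"\x00" for s in strings)
    body = b"\x00" * 9 + b"\x88" + struct.pack("<HH", len(pool) + 2, len(strings)) + pool
    size = struct.pack("<I", 8 + len(body))
    return (b"CWS\x07" + size + zlib.compress(body)) if compress else (b"FWS\x07" + size + body)

if __name__ == "__main__":
    print(audit_swf(make_sample(["System", "security", "allowDomain", "*"])))
    print(audit_swf(make_sample(["System", "security", "allowDomain", "www.example.com"], False)))
    print(audit_swf(make_sample(["test", "12345"])))
```
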
