Read flash variable from external domain with javascript

Posted on 2006-04-06
Medium Priority
Last Modified: 2012-05-05
Dear Experts,

Anyone know if it's possible to avoid flash sandbox security to read a variable inside an swf from a javascript?

I don't need to pass the variable from flash to javascript calling some function, I need to directly read a variable inside flash using flash_object.GetVariable("myvariable");

More details:
I have the following.
A Swf file called test.swf with just this two lines:
line 1: var test="12345";
line 2: stop();

then I have a test_readflashvar.js file on the same site with just the flash object code that is written through document.write
and a javascript function testing() that tries to read variable test inside swf.
I have a timer that execute it every x secs.

function write_flash_object(url) {
 //code that write my flash object to document

function testing() {
    var o = getFlashMovieObject("flashobj"); //function that search for flash object
    if (o==null || o.PercentLoaded()<100) return;



Then I add the script to any of my websites (different domain where is located the swf file) <script src="http://target_domain/test_readflashvar.js"></script>

And when I load the page with the included script,  and it executes and the line alert(o.GetVariable("j")); I get the unspecified javascript error (=security access error).

Can anyone give a hint to overpass flash sandbox security control?

Question by:luigidenaro
  • 2

Expert Comment

ID: 16396910
The problem is on javascript side i think.
In JS you cannot access any variable/object/function if they are not on the same domain (through an iframe for example).
That's a browser security issue.
Maybe this apply too on flash objects if not on same domain than the script.

Author Comment

ID: 16396947
It's a flash plugin security issue, I know, but maybe someone knows an alternative way to overpass it.

Author Comment

ID: 16397449
Well, after trying and trying I found the solution.
Using this directive on main flash it avoid security restrictions for any domain.

If u want to allow just a domain then is so simply like replacing the * for a domain in the way http://www.domain.com

The problem on this is that the swf remains exposed for external hacking.

Accepted Solution

GranMod earned 0 total points
ID: 16646002
PAQed with points refunded (500)

Community Support Moderator

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my daily work (mainly using ASP.net), I need to write a lot of JavaScript code. One of the most repetitive tasks I do are the jQuery Ajax calls. You know: (CODE) I don't know if for you it's the same, but for me is soooo tedious to write the …
Article by: DanRollins
This article describes a JavaScript program that creates a maze made of hexagonal cells.  In Part 2 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7850-Hex-Maze-Part-2.html), we'll extend the program by adding a depth-…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question