The flash.net package contains package-level functions for opening a new browser window, sending a URL request to a server, and dealing with class aliases.
Function | Defined By | ||
---|---|---|---|
Looks up a class that previously had an alias registered through a call to the registerClassAlias()
method. | flash.net | ||
Opens or replaces a window in the application that contains the Flash Player container
(usually a browser). | flash.net | ||
Preserves the class (type) of an object when the object is encoded in Action Message Format (AMF). | flash.net | ||
Sends a URL request to a server, but ignores any response. | flash.net |
getClassByAlias | () | function |
public function getClassByAlias(aliasName:String):Class
Language Version: | ActionScript 3.0 |
Runtime Versions: | AIR 1.0, Flash Player 9, Flash Lite 4 |
Looks up a class that previously had an alias registered through a call to the registerClassAlias()
method.
This method does not interact with the flash.utils.getDefinitionByName()
method.
Parameters
aliasName:String — The alias to find.
|
Class — The class associated with the given alias. If not found, an exception will be thrown.
|
Throws
ReferenceError — The alias was not registered.
|
Related API Elements
navigateToURL | () | function |
public function navigateToURL(request:URLRequest, window:String = null):void
Language Version: | ActionScript 3.0 |
Runtime Versions: | AIR 1.0, Flash Player 9, Flash Lite 4 |
Opens or replaces a window in the application that contains the Flash Player container (usually a browser). In Adobe AIR, the function opens a URL in the default application for handling the URI scheme. For example, the default system web browser opens for the http: and https: URI schemes.
Important Security Note
Developers often pass URL values to the navigateToURL()
function that were obtained from external sources
such as FlashVars. Attackers may try to manipulate these external sources to perform attacks such as cross-site scripting.
In AIR, attackers could attempt to open other applications.
Therefore, developers should validate all URLs before passing them to this function.
Good data validation for URLs can mean different things depending on the usage of the URL within the overall application. The most common data validation techniques include validating that the URL is of the appropriate scheme. For instance, unintentionally allowing javascript: URLs may result in cross-site scripting. Validating that the URL is a within your domain can ensure that the SWF file can't be used as an open-redirector by people who conduct phishing attacks. For additional security, you may also choose to validate the path of the URL and to validate that the URL conforms to the RFC guidelines
For example, the following code shows a simple example of performing data validation by denying any URL that does not begin with http:// or https:// and validating that the URL is within your domain name. This example may not be appropriate for all web applications and you should consider whether additional checks against the URL are necessary.
// AS3 Regular expression pattern match for URLs that start with http:// and https:// plus your domain name. function checkProtocol (flashVarURL:String):Boolean { // Get the domain name for the SWF if it is not known at compile time. // If the domain is known at compile time, then the following two lines can be replaced with a hard coded string. var my_lc:LocalConnection = new LocalConnection(); var domainName:String = my_lc.domain; // Build the RegEx to test the URL. // This RegEx assumes that there is at least one "/" after the // domain. http://www.mysite.com will not match. var pattern:RegExp = new RegExp("^http[s]?\:\\/\\/([^\\/]+)\\/"); var result:Object = pattern.exec(flashVarURL); if (result == null || result[1] != domainName || flashVarURL.length >= 4096) { return (false); } return (true); }
For local content running in a browser, calls to the
navigateToURL()
method that specify a "javascript:"
pseudo-protocol
(via a URLRequest
object passed as the first parameter) are only permitted if the SWF
file and the containing web page (if there is one) are in the local-trusted security sandbox.
Some browsers do not support using the javascript protocol with the navigateToURL()
method. Instead, consider using the call()
method of the ExternalInterface
API to invoke JavaScript methods within the enclosing HTML page.
In Flash Player, and in non-application sandboxes in Adobe AIR, you cannot connect to commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the ActionScript 3.0 Developer's Guide.
In Flash Player 10 and later running in a browser, using this method programmatically to open a pop-up window may not be successful. Various browsers (and browser configurations) may block pop-up windows at any time; it is not possible to guarantee any pop-up window will appear. However, for the best chance of success, use this method to open a pop-up window only in code that executes as a direct result of a user action (for example, in an event handler for a mouse click or key-press event.)
In Flash Player 10 and later, if you use a multipart Content-Type (for example "multipart/form-data") that contains an upload (indicated by a "filename" parameter in a "content-disposition" header within the POST body), the POST operation is subject to the security rules applied to uploads:
- The POST operation must be performed in response to a user-initiated action, such as a mouse click or key press.
- If the POST operation is cross-domain (the POST target is not on the same server as the SWF file that is sending the POST request), the target server must provide a URL policy file that permits cross-domain access.
Also, for any multipart Content-Type, the syntax must be valid (according to the RFC2046 standards). If the syntax appears to be invalid, the POST operation is subject to the security rules applied to uploads.
In AIR 3 and later, any URI scheme can be used in the URL to be launched. If a suitable application is registered with the operating system to handle the URI scheme, then that application is launched. Only AIR content running in the application security sandbox can use arbitrary URI schemes. Content running in other sandboxes can only navigate to file:, mailto:, http: and https: URLs.
//Invoke the VIP Access Application. navigateToURL(new URLRequest("vipaccess://com.verisign.mvip.main?action=securitycode")); //Invoke the Connect Pro Application. navigateToURL(new URLRequest("connectpro://"));
Parameters
request:URLRequest — A URLRequest object that specifies the URL to navigate to.
For content running in Adobe AIR, when
using the | |
window:String (default = null ) — The browser window or HTML frame in which to display
the document indicated by the request parameter.
You can enter the name of a specific window or use one of the following values:
If you do not specify a value for this parameter, a new empty window is created.
In the stand-alone player, you can either specify a new ( Note: When code in a SWF file that is running in the
local-with-filesystem sandbox calls the |
Throws
IOError — The digest property of the request object is not
null . You should only set the digest property of a URLRequest object
for use calling the URLLoader.load() method when loading a SWZ file (an Adobe
platform component).
| |
SecurityError — In Flash Player (and in non-application sandbox content in Adobe AIR),
this error is thrown in the following situations:
| |
Error — If the method is not called in response to a user action, such as a mouse
event or keypress event. This requirement only applies to content in Flash Player and
to non-application sandbox content in Adobe AIR.
|
More examples
Related API Elements
Example ( How to use this example )
package { import flash.display.Sprite; import flash.net.navigateToURL; import flash.net.URLRequest; import flash.net.URLVariables; public class NavigateToURLExample extends Sprite { public function NavigateToURLExample() { var url:String = "http://www.adobe.com"; var variables:URLVariables = new URLVariables(); variables.exampleSessionId = new Date().getTime(); variables.exampleUserLabel = "Your Name"; var request:URLRequest = new URLRequest(url); request.data = variables; try { navigateToURL(request); } catch (e:Error) { // handle error here } } } }
// Requires // - Button symbol on Stage (or a display object, such as a MovieClip) with instance name "buttonSymbol" // buttonSymbol.addEventListener(MouseEvent.CLICK, buttonSymbol_click); function buttonSymbol_click(evt:MouseEvent):void { var req:URLRequest = new URLRequest("http://www.adobe.com/"); navigateToURL(req, "_blank"); }
registerClassAlias | () | function |
public function registerClassAlias(aliasName:String, classObject:Class):void
Language Version: | ActionScript 3.0 |
Runtime Versions: | AIR 1.0, Flash Player 9, Flash Lite 4 |
Preserves the class (type) of an object when the object is encoded in Action Message Format (AMF). When you encode an object into AMF, this function saves the alias for its class, so that you can recover the class when decoding the object. If the encoding context did not register an alias for an object's class, the object is encoded as an anonymous object. Similarly, if the decoding context does not have the same alias registered, an anonymous object is created for the decoded data.
LocalConnection, ByteArray, SharedObject, NetConnection and NetStream are all examples of classes that encode objects in AMF.
The encoding and decoding contexts do not need to use the same class for an alias; they can intentionally change classes, provided that the destination class contains all of the members that the source class serializes.
Parameters
aliasName:String — The alias to use.
| |
classObject:Class — The class associated with the given alias.
|
Throws
TypeError — If either parameter is null .
|
Related API Elements
Example ( How to use this example )
registerClassAlias()
function to register
an alias (com.example.eg
) for the class ExampleClass. Because
an alias is registered for the class, the object is able to be deserialized as an instance
of ExampleClass, and the code outputs true
. If the registerClassAlias()
call were removed, the code would output false
.
package { import flash.display.Sprite; import flash.net.registerClassAlias; import flash.utils.ByteArray; public class RegisterClassAliasExample extends Sprite { public function RegisterClassAliasExample() { registerClassAlias("com.example.eg", ExampleClass); var eg1:ExampleClass = new ExampleClass(); var ba:ByteArray = new ByteArray(); ba.writeObject(eg1); ba.position = 0; var eg2:* = ba.readObject(); trace(eg2 is ExampleClass); // true } } } class ExampleClass {}
sendToURL | () | function |
public function sendToURL(request:URLRequest):void
Language Version: | ActionScript 3.0 |
Runtime Versions: | AIR 1.0, Flash Player 9, Flash Lite 4 |
Sends a URL request to a server, but ignores any response.
To examine the server response, use the URLLoader.load()
method instead.
You cannot connect to commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the ActionScript 3.0 Developer's Guide.
You can prevent a SWF file from using this method by setting the
allowNetworking
parameter of the the object
and embed
tags in the HTML page that contains the SWF content.
In Flash Player 10 and later, if you use a multipart Content-Type (for example "multipart/form-data") that contains an upload (indicated by a "filename" parameter in a "content-disposition" header within the POST body), the POST operation is subject to the security rules applied to uploads:
- The POST operation must be performed in response to a user-initiated action, such as a mouse click or key press.
- If the POST operation is cross-domain (the POST target is not on the same server as the SWF file that is sending the POST request), the target server must provide a URL policy file that permits cross-domain access.
Also, for any multipart Content-Type, the syntax must be valid (according to the RFC2046 standards). If the syntax appears to be invalid, the POST operation is subject to the security rules applied to uploads.
For more information related to security, see the Flash Player Developer Center Topic: Security.
Parameters
request:URLRequest — A URLRequest object specifying the URL to send data to.
|
Throws
SecurityError — Local untrusted SWF files cannot communicate with
the Internet. You can avoid this situation by reclassifying this SWF file
as local-with-networking or trusted.
| |
SecurityError — You cannot connect to commonly reserved ports.
For a complete list of blocked ports, see "Restricting Networking APIs" in the
ActionScript 3.0 Developer's Guide.
|
Example ( How to use this example )
package { import flash.display.Sprite; import flash.net.URLRequest; import flash.net.URLVariables; import flash.net.sendToURL; public class SendToURLExample extends Sprite { public function SendToURLExample() { var url:String = "http://www.yourDomain.com/application.jsp"; var variables:URLVariables = new URLVariables(); variables.sessionId = new Date().getTime(); variables.userLabel = "Your Name"; var request:URLRequest = new URLRequest(url); request.data = variables; trace("sendToURL: " + request.url + "?" + request.data); try { sendToURL(request); } catch (e:Error) { // handle error here } } } }
Mon Nov 28 2011, 07:46 AM -08:00