Cross-domain classes in ActionScript 2.0
Yes, you are right that we still live in a world with ActionScript 2.0 somewhere.
As described by
Adobe
, content loaded from different domains belong to different sandboxes, and you can make them communicate to each other by calling System.security.allowDomain(”*”).
However, this only permits you calling methods in the swf from the other domain, not the class definitions. In order to create an instance of a class from the other domain, you have to:
// http://domain1/a.swf _global["Tier"] = _root._parent.GetClassTier(); var t = new Tier();
and
// http://domain2/b.swf
class Tier {
//...
}
function GetClassTier() {
return _global.Tier;
}
Ok, now you are able to create a cross-domain instances. Then what about extending from a cross-domain class? The key is letting b.swf to load from a “proxy” class.
// http://domain3/c.swf
class Hund extends Tier {
//...
}
and
// http://domain3/c_proxy.swf _global["Tier"] = mc._parent.GetClassTier(); // call MovieClipLoader to load c.swf here
The reason you must have a proxy is bc AVM1 executes class definition in initClip stage when the loadee MovieClip is not available yet to access the loader MovieClip. If you try to extend from a class which was not in _global yet, it will never get a proper super value.
It’s ugly that you have to do such hack, while not so bad ‘cz you’re survived!
Cross-domain bug inside ActionScript 2.0
I believe it’s a bug: you turned off security check, it still tells you there’s a security violation when two swf read varibles from each other in certain way; however you end up finding that’s only a warning, you can still do it as is.
a.fla:
import System.security;
System.security.allowDomain("*");
function onLoadInit( mc:MovieClip ){
mc.test({test:"test"});
}
mcl = new MovieClipLoader();
mcl.addListener( this );
mcl.loadClip( "http://127.0.0.1/b.swf?"+Math.random(),
this.createEmptyMovieClip( "_container", this.getNextHighestDepth() ) );
b.fla:
import System.security;
System.security.allowDomain("*");
function test(o) {
trace("test func");
for(var i in o) { // violation happen here before any trace() below
trace(i);
}
}
Type http://localhost/a.swf, now you’ll get the buggy dump in log.In fact, there are an other couple of way to reproduce this, such as read/write an undefined member in a cross-domain object.
A new player to the desktop RIA playground?
With the release of
GTalk Lab Ed
, an desltop version of
GTalk Gadget
, Google has showed up its achievement of
WebKit
engine embedding. After Adobe AIR, Mozilla Prism and
some announcement
from m$, the search giant maybe also silently joined the Desktop RIA game. Will the
gears
finally become a
Porsche? Let’s guess…
Developer Platform Comparison: MySpace vs. Facebook
MySpace China
has opened its
developer platform
to some beta testers. Similar to
Facebook Platform
,
the dev zone has a list of APIs, some language wrappers(only
ActionScript for now) for the API and a test console. Detailed
comparison follows:
| MySpace | ||
|---|---|---|
| RESTful API | yes | yes (see below) |
| Query | FQL | n/a |
| Markup | FBML + FBJS | n/a |
| Test Console | yes | yes |
| Authentication | own protocol | OAuth |
| SDK | 15+ | 1 for now |
Generally,
I appericiate their picking up of OAuth. But the number of objects and
functions accessible via API is too much fewer than Facebook’s.
OpenSocial API to push activities is still on its way either.
Well, for MySpace, opening is a big step, but too early to give them a bravo.
OAuth Core 1.0 Final in Chinese
Official Document in English
and
My Translation in Chinese
(中文版附录暂未翻译)
The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.
OAuth协议致力于使网站和应用程序(统称为消费方)能够在无须用户透露其认证证书(译注:如登录密码)的情况下,通过API访问某个web服务(统称为服务提供方)的受保护资源。更一般地说,OAuth为API认证提供了一个可自由实现且通用的方法。
Get Spread Toolkit and inotify-tools PHPized
Get them from Google Code SVN.
svn checkout http://php-spread.googlecode.com/svn/trunk/ php-spread-read-only
svn checkout http://php-inotifytools.googlecode.com/svn/trunk/ php-inotifytools-read-only
File upload with URLRequest in AIR
A function to help upload without FileReference.upload() in AIR HTML/JS application.
Function Parameters:
void PrepareMultipartRequest(
URLRequest request,
ByteArray file_bytes,
string field_name = "file",
string native_path = "C:FILE",
object data_before = {},
object data_after = {}
);
Sample JS Code:
var request = new air.URLRequest('http://example.com/upload.php');
var loader = new air.URLLoader();
var file = new air.File('C:\TEST.TXT'); //use file.browseForOpen() on ur wish
var stream = new air.FileStream();
var buf = new air.ByteArray();
var extra = {
"id": "abcd"
};
stream.open(file, air.FileMode.READ);
stream.readBytes(buf);
MultipartRequest(request, buf, 'myfile', file.nativePath, extra);
loader.load(request);
Sample PHP Code:
$id = $_POST['id']; move_uploaded_file($_FILES['myfile']['tmp_name'], '/opt/blahblah');
Download:
multipart.js
Original idea inspired from
here
.
Memcached hack by Sina guys
a BDB-backended memcached hack
http://code.google.com/p/memcachedb/
similar to Tugela.
Supported memcache command
* get, set, add, replace
* incr, decr
* delete
* stats
* flush_all
Private commands
* db_checkpoint
* db_archive