CODEWITHSUNDEEP
flashanalytics
Gili
Gili

Reputation: 90023

Can Flash objects detect the page they are embedded in?

Is there any way for a Flash component to look up the URL of the website it is embedded in? For example, if I embed a YouTube video on my website, does Google have any way of knowing who referred to them?

Upvotes: 1

Views: 88

Answers (2)

user797257
user797257

Reputation:

In addition to what Paulo said, this really depends on what you want to do. Do you want the SWF of other people to be misguided about the location it is in, or do you want your SWF to eavesdrop on the page it is in.

In first case, it might help to overload the JavaScript functions used to support AS-JS communication. This way you can pretend to be supplying the correct info to the SWF. Look up in Firebug all functions that start with something like __flash_*** it is possible to overload them and to make Flash use your version instead.

When pages are loaded into iframe and similar techniques such as to eavesdrop on your page w/o you knowing it (this is not strictly speaking related to Flash), but if the intent was that you use some SWF w/o it being aware of where it is, then you would try to figure out what exactly the parameters the dynamically created iframe sends in order to load the SWF file, and in the same fashion you can mimic that too. JavaScript is an open door for this kind of frauds, and it is inherently such. It's more of a competition where you have to be somewhat more secure then whoever is playing against you, than providing actual security :)

Just a hint if you were to overload EI functions:

with ({ "window" : { "location" : { "toString" : function() { return "woo-hoo!"; } } }})
{ alert(window.location.toString()); }

:)

Upvotes: 1

Paulo H.
Paulo H.

Reputation: 1258

Flash can use "ExternalInterface" to call some functions/methods on javascript (as window.location.toString()).

But with iframes (as youtube does now) they can read this using HTTP referrer =)

Upvotes: 1

Related Questions