Handy Flash Domain Reading

“How can a Flash file see the address of the page its on?”

Get asked that one quite a lot. I’ve put some thought into it and have begun toying with a few ideas.

The other day I was browsing the Class libraries (like you do) and I stumbled across two methods of getting domain information inside Flash, both examples will use the following url as their content path:

<a href="news/index.php">https://www.davidmillington.net/news/index.php</a>

In the HTML the top page swf header has its full address that looks like this:

<a href="shared/swf/navi.swf?sec=news">https://www.davidmillington.net/shared/swf/navi.swf?sec=news</a>


<object type="application/x-shockwave-flash" data="/shared/swf/navi.swf?sec=news" width="770px" height="76px">
<param name="movie" value="/shared/swf/navi.swf?sec=news" />

Inside Flash we can use the LocalConnection class to get the domain name:

var domain_lc:LocalConnection = new LocalConnection();
/* traces <a href="https://www.davidmillington.net/">www.davidmillington.net</a> */

The second method is simply:

/* traces <a href="shared/swf/navi.swf?sec=news">https://www.davidmillington.net/shared/swf/navi.swf?sec=news</a> */

Each time you load a Flash movie its _url property gets set to the address it was loaded from.

Im not sure what would happen if you used server side path rewriting to do something like

<a href="news/shared/navi.swf">https://www.davidmillington.net/news/shared/navi.swf</a>

as the path used in the Flash objects data attribute. If that was seen inside Flash instead of its real location then it means you could easily parse that string to get the page name “/news” and then the real path “/shared/navi.swf”. Then its just a case of using “?sec=” + pagename in the rewrite system. Like I said though, without testing it I’m not sure which address it will see.

I’m going to do a test with a few http headers and see what I get. The most promising idea so far is to capture all requests for .swf files and then append the url of the page that requested it via the HTTP_REFERER header. I’m not sure if that will include the actual page name so that’s why this is a test.

Comments: None so far...be the first!

Leave a reply

Your email address will not be published. Required fields are marked *

Everything has a purpose. The Emperor ordains it so. You may corrupt the souls of men but I Am steel! I am doom! I march for Macragge! AND I KNOW NO FEAR!

— Proteus, Ultramarine