AS3 Script Injection: Introduction
In AS3 Script Injection, complete and unmodified JavaScript and/or VBScript functions, class objects and applications are stored inside AS3 files using XML, and are then parsed, sent to the browser, and executed, allowing Flash and Flex developers to create a robust browser experience without the need to rely on server-side support scripts.
This tutorial will show how to inject and execute complete JavaScripts and VBScripts into a webpage through ActionScript 3's ExternalInterface Class. In addition, we will show how to store and modify complete JavaScript and VBScript scripts directly within AS3 source code, where they may be safely kept until needed. Most of the techniques here may also be applied to AS2 applications with some minor modifications (which will be discussed).
ActionScript-based Script Injection offers the following benefits to developers:
- Server independence: SWF files may be hosted anywhere, and will simply add their own JavaScript-support files wherever they need them.
- Script Security: JavaScript and VBScript files are stored within the SWF, and as such are not normally subject to being read and/or modified without the developer's consent.
- Transparency: Properly-written, Injected Scripts exist only during their execution, and then automatically garbage-collect themselves when they are no longer needed. And since they are executed anonymously, there's no danger of accidentally overwriting existing scripts on the webpage – unless you want to.
- Runtime Script Modification: Scripts may be modified like strings at runtime to address specific needs, unlike server-based scripts which are essentially static.
- On-Demand Scripting: Scripts are only injected into webpages when needed, conserving system resources.
- Compression: lengthy JavaScripts may take advantage of SWF compression: e.g. a 32k JavaScript file is only 5k when stored inside a SWF.
This is an ideal solution for Flash/Flex developers who need JavaScript to interact with the user's browser, but might not have full access to the webpage or server that their SWF application is actually hosted on. Flash Ads, YouTube-style video players, and games that may be hosted across multiple (and possibly unforeseen) webpages are the first things that come to mind, but other possibilities abound.
Additionally, because the JavaScript files are stored within Flash and not externally, they are given a certain amount of anonymity and protection from being read and/or manipulated by third parties, and may take advantage of SWF compression.
Finally, because the scripts are inherently attached to Flash and exist as editable data within the AS3 file, they can be modified at runtime by the Flash application to create custom-tailored solutions based on specific needs, something that is difficult with generic server- and web-encoded scripting solutions.
Note: ActionScript Script Injection should not be confused with the hacker exploit of the same name, also known as Cross-Site Scripting or XSS. While the underlying concepts are similar, the implementation, intent and (above all) security differ greatly. ActionScript-based Script Injection is internal and available only to the Flash developer, as opposed to Hacker Injection, in which otherwise legitimate URLs are "packed" with executable third-party JavaScript code and launched at public Flash sites.
In the hands of a legitimate developer, AS3 Script Injection is a powerful tool that blurs the boundaries between Flash, webpages, the server, and the browser.
AS3 Script Injection: The Basics
Let's begin with a succinct definition of what we are about to do:
"In AS Script Injection, complete and unmodified JavaScript and/or VBScripts are stored inside AS3 files using XML, and are then parsed and sent to the browser, typically using the ExternalInterface class."
That's all there is to it. Of course, getting it all to actually work is the trick, and that's what this tutorial is all about.
Before we dive in, however, we must first dispel some common misconceptions about the ExternalInterface class:
- Flash's ExternalInterface can only call named functions.
- Called functions must already be on the webpage in <SCRIPT> tags.
- ExternalInterface only works with global functions.
- In browsers, ExternalInterface only works with JavaScript.
None of these are true, as we shall soon see:
False: Flash's ExternalInterface can only use named functions, and they must already be on the webpage inside <SCRIPT> tags.
Nothing could be further from the truth! ExternalInterface works by taking your supplied string and performing a JavaScript eval() on it, forcing the browser to see the string as a JavaScript function of the same name (if one exists). It then executes a call() on that function, adding any arguments you supplied.
The first key to script injection is that initial eval() statement; JavaScript's eval function is far more powerful than ActionScript's, and will attempt to turn literally any string passed to it into a proper value, object or function. The only problem is that eval() only interprets a single entity (i.e. a single var, object, or function name) … send it two or more of these entities and it crashes.
This leads us to the second key element: the fact that JavaScript, like ActionScript, can "wrap" almost any number of individual entities within a single anonymous function. The eval() will see only this "Wrapper Function" (a single entity), but will happily interpret everything inside of it. That's dolomite baby!
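A minimal JavaScript model of the eval-then-call behaviour described above, added here as an example and not code from the original tutorial. `simulateExternalCall`, `showText` and `pageLog` are hypothetical names, and the model is a simplification rather than Flash Player's own implementation; the last case shows why values used for runtime script modification should be passed as arguments instead of being concatenated into the script string.

```javascript
// Simplified model of the behaviour described above (an assumption, not
// Flash Player's actual code): eval the string as ONE expression, then
// call the resulting function with the supplied arguments.
function simulateExternalCall(script, ...args) {
  const fn = (0, eval)("(" + script + ")"); // indirect eval: global scope
  if (typeof fn !== "function") throw new TypeError("not a function");
  return fn.apply(null, args);
}

// Constructed stand-in for a function that already exists on the page.
globalThis.pageLog = [];
globalThis.showText = function (text) {
  globalThis.pageLog.push(text);
  return text.length;
};

// 1. Traditional use: a function name plus arguments.
const named = simulateExternalCall("showText", "foo");

// 2. Wrapper function: several statements, seen by eval as one entity.
const wrapped = simulateExternalCall(
  "function (a, b) { var sum = a + b; var label = 'sum='; return label + sum; }",
  2, 3);

// 3. Two entities without a wrapper: the eval fails with a SyntaxError.
function unwrappedFails() {
  try { simulateExternalCall("var a = 1; var b = 2"); return false; }
  catch (e) { return e instanceof SyntaxError; }
}

// 4. Runtime modification: a value spliced into the script text becomes
// code, while a value passed as an argument stays data.
const untrusted = "x'; globalThis.pageLog.push('extra statement ran'); '"; // constructed
function spliced(value) {
  return simulateExternalCall("function () { var v = '" + value + "'; return v; }");
}
function asArgument(value) {
  return simulateExternalCall("function (v) { return v; }", value);
}
```
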
Because of this, ExternalInterface can not only interact with unnamed functions, it can send them, execute them, and even get a result from them. Consider the following examples. We'll start with the "traditional" use of ExternalInterface, and build our way up to an Injected Script complete with Wrapper Function.
Traditionally, ExternalInterface takes a single string to be evaluated as a function name, and any number of optional arguments (primitives or simple objects), as shown below:
ExternalInterface.call("alert", "foo")
This "normal" form of ExternalInterface executes the JavaScript "alert()" function from Flash, and will display "foo" as the alert-text. But you can also write it like this, and it will function the exact same way: