Jump to content

Search In
  • More options...
Find results that contain...
Find results in...
Jakob Sternberg

TweenMax AS2 subload creates domain security warnings

Recommended Posts



MovieA.swf (contains no greensock classes at all)

MovieB.swf (uses TweenMax)


When i load MovieB.swf (online) from MovieA.swf (local)  i get some warnings in the FlashEditor output. ( 3 x "MovieB.swf tried to access incompatible context "MovieA.swf")


Using System.security.allowDomain("*") does not solve or affect the problem at all. 

Everything works as expected, i just wish to get rid of the warnings.

I'm trying to streamline a small banner production framework for others/colleagues to use, and i'd rather have a "warning-free" setup =)

Link to comment
Share on other sites

I'm pretty sure that has nothing to do with any GreenSock code. It's just a Flash thing. Perhaps Google around and see what you find - maybe like this: http://stackoverflow.com/questions/11441645/as3-security-sandbox-violation


Maybe you're loading a remote file locally or visa-versa or maybe you need to set a LoaderContext and use an SWFLoader, etc. 

Link to comment
Share on other sites

Yep, as that Google result indicated, your problem is that you're loading a remote URL into a swf that you're running locally. Those are two different security domains. It has nothing to do with GreenSock code. If you run them both from the same domain, you'll be fine. Either both remote or both local.

Link to comment
Share on other sites

I think understand the security sandbox =)


Ok, but to my understanding/experience its possible to avoid these warnings by prepping empty objects in the local SWF.


Hmm, question, IS TweenMax setting variables and/or creating objects in parents, or root even?


( i had a quick look at the files but could not locate it )


So i guess what i'm after is, could i create some empty objects/variables, with the right names, in the rootSWF and avoid the warnings?

Link to comment
Share on other sites

No, I don't think so. 

Link to comment
Share on other sites

Ok it is these 3 lines, starting on line 237 in Animation.as, that causes the warnings:  you can put traces between them, and see for yourself.       

ticker.onEnterFrame = _tick;
ticker.addEventListener = _addTickListener;
ticker.removeEventListener = _removeTickListener;

So.. clearly it IS TweenLite/Max that causes the warnings. ( just to state it again xD )


The external SWF can use _roots.createEmptyMovieClip method, but the movieclip it returns has not any methods defined yet, so as the external SWF tries to define the three non-existing methods on the movieclip, we get the warnings.


i guess, defining it as a "flash thing" depends on how fixable it is =)

So, i made small hack illustrating that it is possible to avoid the warnings.

I have to create my own "ticker" in root, to be sure that i have "prepped" it for TweenMax


From anywhere in the "root" swf: (i know it could be shorter)

_root["_gsAnimationCustom"].onEnterFrame = null
_root["_gsAnimationCustom"].addEventListener = null
_root["_gsAnimationCustom"].removeEventListener = null

I would have to modify Animation.as before line 237:

if(typeof(mc["_gsAnimationCustom"]) === "movieclip"){
	ticker = mc["_gsAnimationCustom"]
}else {
	ticker = mc.createEmptyMovieClip("_gsAnimation" + String(version).split(".").join("_"), l);

Thats it, the warnings are gone!, and actually it only took two lines of code to make it possible to avoid the warnings. Please concider a solution (i see a few)



I've made a file-example illustrating the whole thing,greensock classes included:


Link to comment
Share on other sites

Ah, because this is AS2. Right, it must create a MovieClip at the root. That's not a flaw in GSAP, though - it's just necessary in AS2. What exactly do you have in mind for a solution? I really don't think this is worth editing the core for, because in all the years that we've had an AS2 flavor, I don't think this has EVER come up even once (before today). This is very much an edge case and it's not considered a good practice (security-wise) to load across security domains anyway. Plus Adobe dropped support for publishing AS2 two full release cycles ago :(

Link to comment
Share on other sites

I somewhat agree, still we deal with medias whos systems require AS2 banners.


But I'm also sure you are aware that greensock framwork is widely used , also in banner production workflows. 

In "Rich-media" you will in most cases have a external SWF loading another, also known as "polite load". You cannot stuff TweenMax into the polite part as its too heavy.. the whole idea of the polite load is that is has to be light. (often < 50kb), so the scenaraio of having TweenLite initializing from subloaded SWF is not that uncommon i think.


Again, it's totally harmless, and i'll agree that it's a"flash thing" in the sense that, if you check if TweenLite could actually create those methods, that you get warnings about, then you see it could!, also why everything works, you just get the darn warnings (so lame why you cant turn them off)



Solutions for picky users:


Well for the "prep a movieclip"-technique, a very simple fix would be on line 236, (if im not too wrong)

var gsMcName:String = "_gsAnimation" + String(version).split(".").join("_");
ticker = mc[gsMcName] || mc.createEmptyMovieClip(gsMcName, l);

Then the user could do in _root SWF:

_root.createEmptyMovieClip("_gsAnimation" + String(com.greensock.core.Animation.version).split(".").join("_"),_root.getNextHighestDepth());

Requires action by user, but codechange is minimal, and fully backwardscompatible


It could be a "prepper" class, that could be available? (entirely seperate from core, only creating the movieclip)

import com.greensock.*



I'm still thinking,... if you could somehow trick the ticker mc to set the handlers on itself - but i guess that would be inventing a way to circumvent sandbox entirely, so i don't think it's possible =P


Edit: Corrected the "if movieclip exists" script part..

Link to comment
Share on other sites

Ok, a little more complete version:



With only two lines changed in Animation.as..

var gsMcName:String = "_gsAnimation" + String(version).split(".").join("_");
ticker = mc[gsMcName] || mc.createEmptyMovieClip(gsMcName, l);

...I can avoid the warnings by adding this snippet in root SWF  (Or any SWF or Timeline, as long as there IS one in the actual root, if not?..nothing!, i just get the warnings.)

function gsPrepSubload(){
    if( _url === _root._url){
        //Only if we are somewhere in _root SWF, or it doesn't matter
        var gsMcName:String = "_gsAnimation" + String(com.greensock.core.Animation.version).split(".").join("_")
        var l:Number = 999;
        while (_root.getInstanceAtDepth(l)) l++;
        var gsMc:MovieClip = _root[gsMcName] || _root.createEmptyMovieClip(gsMcName,l);        
        if(!gsMc.onEnterFrame) gsMc.onEnterFrame = gsMc.addEventListener = gsMc.removeEventListener = null;

// Anywhere in root SWF
Link to comment
Share on other sites

I know my solution as a whole may not be very elegant, but the core change alone should be fine and really minimal as can be. Functionally-wise i don't see the code-change would break anything.


What you achieve by making the change is little, i agree... But, on the other hand, it's basically costless.

I hope you will concider it. =)

Link to comment
Share on other sites

Another solution could be to optionally make Animation.as create the _gsAnimation mc in the same SWF as the class was included, MovieB.swf ( An "option", same way you set OverwriteManager)


That would probably mean a couple of bad things, -  if that SWF gets unloaded, GSAP would stop working. - You could end up creating multiple mc's on multiple timelines. etc etc.


Again, these facts would just be "known" limitations when using the option.


It would take a few more lines of code in core, but you would get around having to do any "prepping" in MovieA.swf when using this method.

Link to comment
Share on other sites

  • 2 weeks later...

This is in the latest release, by the way :)

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.