Twitter: raymondcamden


FlashVars in Flex

12-11-2006 Flex

As a developer on the receiving end of Flash files, I've gotten used to dealing with FlashVars as a way to configure a Flash application. I've wondered how I'd do this in Flex though. Joao Fernandes sent me some sample code and showed me the way.

Consider this simple Flex page:

<?xml version="1.0" encoding="utf-8" ?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" xmlns:comp="components.*">

    <mx:Script>
    <![CDATA[
    import mx.controls.Alert;

    private function test():void {
        Alert.show(this.parameters.flashvar1+' '+this.parameters.flashvar2, "Flashvars");
    }
    ]]>
    </mx:Script>

    <mx:Button id="btnTest" label="Test" click="test()" />

</mx:Application>

Note the this.parameters? This lets me get access to the flashvars. I named them flashvar1 and flashvar2 which isn't very creative. Obviously it could be any name. To pass the variables in you can simply edit the generated HTML.

"flashvars",'flashvar1=ray&flashvar2=camden&historyUrl=history.htm%3F&lconid=' + lc_id + '',

Don't forget that each Flex project has an HTML template. It would make sense to edit the template so you don't have to re-edit the generated HTML after each build.

This should help take care of the "root CFC" issue I mentioned a week or so ago.

10 Comments

  • Commented on 12-11-2006 at 3:47 PM
    Excellent - this will come in handy. Do you know if you could pass an entire struct (object) as a var and then access it as this.parameters.keyName?
  • Commented on 12-11-2006 at 3:50 PM
    My understanding is that flashvars only allow simple values, like url query strings. Even if you could make it work, I would not. That level of complexity really deserves a "real" HTTP type call, not being put into the HTML, know what I mean?

    That's my opinion anyway.
  • Commented on 12-11-2006 at 3:57 PM
    Agreed. I was thinking more along the lines of passing in the session struct, but I see your point.
  • Commented on 12-11-2006 at 5:04 PM
    Since I'm a client guy, and usually pawn security concerns off to you server-side dudes, perhaps you could either A) determine if something like CFQueryparam is necessary in situations in this for security reasons and B) if it is, perhaps convert it to AS3? It'd be h@wt!
  • Commented on 12-11-2006 at 5:06 PM
    Jester, I'm not quite sure cfqueryparam makes sense here, unless I'm misunderstanding you. In the past, I've only used flashvars for things that are not security related.
  • Commented on 12-11-2006 at 5:20 PM
    I've seen some pretty neat uses of FlashVars in Flex 1.5. The problem was that it dropped those values on _level0 (main scope back then) and I never really heard of anyone doing anything to ensure that those values were valid and inspected.

    Obviously, if you have that stuff on the server-side, that you can hack the client to your heart's content, and not worry, but just curious; it seems MORE security is better than just the same. For example, using FlashVars to show data:

    somerecord=recordA

    Back in 1.5, you'd have somerecord defined for you in your main Flex Application file. There is nothing stopping the user, at least from what I've seen, from doing the same thing they do in attempting to expose regular sites by injecting bad things into the params; the whole reason CFQueryparam (or whatever that tag is called) was invented in the first place; to ensure safe, acceptable query parameters. Flex, in both versions, doesn't appear to make a distinction. It just seems people would take this for granted. The dangers of messing with Application level variables are gone now that they are sequestered in the parameters property, but it still seems pretty easy to pass whatever I want if someone takes no steps client side to protect it.

    Obviously, if they have the server-side portion, there isn't much I can do, but still I've never seen client side code implementations match up exactly with server-side, so it seems to me to still be a valid concern.

    Make sense, or still not a big deal?
  • Commented on 12-11-2006 at 8:28 PM
    Ah - so if I read you right - you are saying that in the AS code, you should treat the flashvars just like you would treat a URL variable in CF. Ie - don't trust it. If you wanted a number, check to see that it is a number, greater than zero, etc. Are we on the same page?
  • Commented on 12-12-2006 at 6:55 AM
    The Flex-Ajax bridge is another thing you should look at:

    http://labs.adobe.com/wiki/index.php/Flex_Framewor...

    http://flexapps.macromedia.com/flex2beta3/fabridge...
  • Commented on 12-12-2006 at 11:40 AM
    I guess. I've just never really had to handle worrying about data integrity and security before. Most clients I create are presentation layers that leave all the security & verification to the back-end. So, when I first started messing with FlashVars in Flex 1.5, it was the first time I had to start worrying about security, that's all. Apparently, it seems like a valid concern, for example inspecting that your data truly is "somewhat" valid. Was hoping for a cop-out answer, saying that "no, you don't have to worry about it." Oh well!
  • prabaharan #
    Commented on 11-21-2011 at 7:59 AM
    hi, I need to pass flashvars from parent swf to child swf. is it possible?
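
The comment thread above settles on treating FlashVars like any URL variable: check the type and range before use. The following ActionScript 3 class is an added example, not code from the original post or its commenters; the class name FlashVarReader, its method names, and the sample value "recordB" are hypothetical.

```actionscript
package {
    // Added example, not from the original post. FlashVarReader and its
    // method names are hypothetical helpers for illustration.
    public class FlashVarReader {
        // No "g" flag, so test() keeps no state between calls.
        private static const DIGITS:RegExp = /^[0-9]{1,9}$/;

        private var params:Object;

        // Pass this.parameters from the main Application MXML file.
        public function FlashVarReader(parameters:Object) {
            params = (parameters != null) ? parameters : {};
        }

        // Positive integer only; anything else yields the fallback.
        public function getId(name:String, fallback:int):int {
            var raw:String = params[name] as String;
            if (raw == null || !DIGITS.test(raw)) {
                return fallback;
            }
            var n:int = int(parseInt(raw, 10));
            return (n > 0) ? n : fallback;
        }

        // Value must be one of the names the application already knows,
        // e.g. getOneOf("somerecord", ["recordA", "recordB"], "recordA").
        public function getOneOf(name:String, allowed:Array, fallback:String):String {
            var raw:String = params[name] as String;
            if (raw == null || allowed.indexOf(raw) == -1) {
                return fallback;
            }
            return raw;
        }
    }
}
```

Anyone who can edit the HTML wrapper or the embed URL controls these values, so a check like this only keeps the client from acting on malformed input; the server still has to decide whether the requested record may be returned.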
