Comments on: Flash 10 and the bad news for JavaScript interaction

By: Coupons

Coupons — Fri, 27 Mar 2009 09:25:34 +0000

it is not good. It should be made to work on IE and non-IE browsers.

By: msnek

msnek — Sun, 04 Jan 2009 07:43:24 +0000

thanks

By: cordell

cordell — Wed, 29 Oct 2008 11:21:59 +0000

So, famous copy-text to clipboard (with _clipboard.swf from Mark O’Sullivan) for non IE browsers doesn’t work anymore on Flash 10. Crap, i just noticed that today when checking our production-home-page…
Are there any known work-arounds yet? Or is there ANY other way to save text to clipboard on non-IE browsers with JavaScript ?

By: PeterMichaux

PeterMichaux — Thu, 02 Oct 2008 21:16:53 +0000

So what does this mean for a project like HotRuby?

By: Si

Si — Wed, 01 Oct 2008 04:32:32 +0000

Unless I have completely missed the point here, I don’t understand why the security changes to FP10 will prevent some of you from uploading multiple files, it can be done using a standard HTML form.

Not good enough? Then why not just create a form in Flash instead of using a JS hack? Either way the end user is going to need the Flash plugin installed, and either way you will need to fallback to HTML if (a) the Flash plugin isn’t installed or (b) JavaScript isn’t enabled.

By: Schill

Schill — Tue, 30 Sep 2008 18:20:12 +0000

A potential workaround: Make the flash movie transparent and position it over the relevant “select files” link, thus Flash will capture the click, the “origin” test should pass and things should work as previously. (Theoretically. :D)

By: punkscum

punkscum — Mon, 29 Sep 2008 13:41:33 +0000

The positive thing about all this for the end user, is that Flash Player is more secure than before, if this user is also one of those who auto skips Flash content, then this might make his life better since the developer behind the site might drop Flash if he knows he won’t be able to do his javascript “hack” anymore.

So finally people who don’t like flash won’t have to be in contact with Flash, while they probably will feel less “annoyed” they’ll also be missing some really cool features. Flash Player is really a cool way to deliver your content, wether it is an application or a simple animation, I don’t understand why people find “Flash” evil and use other tools/programs that are twice more annoying … The operating system used by most of my site’s visitors is another proof

As for developers, I guess this is a big problem for all those who used these techniques and as an addicted to all things Flash developper I also got a bit worried about these new “security” features, but I think people have been asking for it for so long, so all the efforts Adobe are making to make the Flash Player secure is kind of logical, and I’m sure we’ll find other ways to enable/add features to JavaScript

By: jlward4th

jlward4th — Mon, 29 Sep 2008 12:26:05 +0000

Lets not forget that the browsers, outside of standards, also made similar breaking changes to things like pop-up windows. I think IE was the first which required user interaction to pop-up a new window. Mozilla did the same and I had to fix a bunch of my HTML / JavaScript applications. There wasn’t a W3C standards body that decided on this change. Browsers made the change to protect users from malicious websites. This is exactly what Flash Player 10 is doing. There are workarounds for those using Flash for file upload.

-James (Adobe)

By: nexus09

nexus09 — Mon, 29 Sep 2008 11:15:55 +0000

The only security changes are requiring user interaction before allowing clipboard access and opening a file dialog box. There are no addditional restrictions on interacting with Javascript. And the fix in both cases is very simple. Why is this of any major concern. Did I miss something in the article?

By: Mark

Mark — Mon, 29 Sep 2008 08:49:50 +0000

Couldn’t they have just made a confirm dialog?

“Site xyz wants to open a file dialog, allow this?”
“Yes”
“No”
“No, and don’t bother me any more for this site”

and add that to the “accepted” list, done.

By: cosmincimpoi

cosmincimpoi — Mon, 29 Sep 2008 07:37:08 +0000

From one of TFAs: “HTML security guidelines do not allow the opening of file dialog windows without user interaction”. This was just a matter of time IMHO.
Why do you think the file input type field is that nasty to hack in html?
But I’m confident that the SWFUpload devs will find a suitable workaround soon enough.

By: sos

sos — Mon, 29 Sep 2008 07:36:33 +0000

Does this also mean that flash based local storage will no longer work? E.g. The flash handler for dojo.storage?

By: jole

jole — Mon, 29 Sep 2008 07:33:46 +0000

if (flash installed && version < 10) useFlashUploaderWithHTMLUI();
else if (java installed) useJavaUploaderWithHTMLUI();
else useStandardSingleFileAtTimeUploader();

By: kyriakos

kyriakos — Mon, 29 Sep 2008 05:26:09 +0000

to Thomas and Robert:

This is the result of people being forced to used closed standards since the open standards have not been catering for their needs in so many years. The HTML specification should have allowed some flexibility over the file upload input field for a long time..

By: PedroBatista

PedroBatista — Mon, 29 Sep 2008 01:07:27 +0000

But Gears is installed in a tiny percentage of computers and breaks everytime a browser vendor updates their product, even a couple security fixes can break Gears support.
.
The whole “Don’t break the Web” has a new meaning now.

By: Breton

Breton — Sun, 28 Sep 2008 21:57:50 +0000

Uhm…. Gears? I’m pretty sure gears s’ports multiple file uploads.

By: paulsidekick

paulsidekick — Sun, 28 Sep 2008 21:34:31 +0000

Seriously, this is terrible news. I am all about open technologies and any of my sites which use mutlifile upload downgrade to regular html upload when the flash player is not available. That being said – nothing matches the convenience of being about to select 20 files at once and get feedback for each one as to how far it is uploaded while still being able to do other things. I use it on my blog at estrip.org and it allows me to continue typing a journal while all the files are uploading. I think wordpress and flickr use it in a similar fashion.

My users are goign to freak if they have to upload fiels one at a time, either that or they will just stop uploading as much content which is sad. Same with flickr. The alternative is that i am goign to have to make a whole flash based widget or switch technologies altogether to gear or silverlight or java, blah.

It was great with flash because there was such a high install base thanks to youtube.

What they really should do is prompt the user with a security warning, or say, “Site blah wants to upload files” the same way that they do when a site asks to use your camera or microphone. That way teh hundred if not thousdands of sites that use multifile uploads would not break but instad just be more secure.

By: mjuhl

mjuhl — Sun, 28 Sep 2008 18:52:21 +0000

I would have to agree with Thomas and Robert. Website functionality shouldn’t rely on third party plug-ins, especially if they aren’t open source. This could be an opportunity for some real creativity, I think. Forget Java applets. Nothing makes me hit the back button faster.

By: robertlovescss

robertlovescss — Sun, 28 Sep 2008 17:23:57 +0000

sorry to sound like an ass, but thats what you all get for using flash in the first place. to me, the ‘open web’ should be open source.

By: ThomasHansen

ThomasHansen — Sun, 28 Sep 2008 11:04:59 +0000

@TheWorld
I guess this shows the importance of following Open Standards and not rely on closed down, proprietary lock-in technology…
HTML6…?