Flex mobile wrap html page - apache-flex

I'm trying to write an AIR application to be deployed on a mobile device.
I have an HTTPS website that I go to and log in using a browser. I can view things in my account, etc.
I want to use my AIR app instead of the HTTPS website. Can I "wrap" or "skin" an html site using AIR?
So I'm looking at StageWebView, URLRequest, URLLoader.
I need to POST things like username, password, and other things.
How can I do it?

See ExternalInterface on AS3 reference that you can use to call Javascript-functions on your site.
You can show HTML content with mx:HTML
If all you need to do is POST or GET, look into HTTPService

You might wanna have a look at the StageWebViewBridge, it has some extended features compared to the default StageWebView
http://code.google.com/p/stagewebviewbridge/
We wanted to use it in a project but ended up in implementing the URL based communication on our own. BUt you should give it a try, mabye it works for you.

Related

Magnolia app which runs in frame

I'd like to create a magnolia app which will show content from extra page in the frame. I think it's possible, but cannot find any example how to do it.
Yes, it is indeed possible. What you are looking for is creation of custom app using EmbeddedPageSubApp. More details at documentation
If you want simple example, try to import and start this app. It should start simple JS game within your subapp.
Remember that any page you try to load in iframe will need to use same protocol as the main Magnolia app does or browser will most likely block it. In the example I gave, it would work only over http, but not over https, if you want to show something while people are connecting to your Magnolia over https, you would need to set url to be https too.
HTH,
Jan

What are reliable ways to identify/spot a single page application (SPA)?

When viewing a web application as a user, what are some reliable ways to determine if the app is a single page application (SPA)?
Depending on the framework used, the URL might make extensive use of hashtags. IF you click on navigation links, etc and the URL looks like http://somesite/#/some/route, then it is using hashtag-based routing and is a SPA. Angular 1.x did this for a while. However, newer routing engines use HTML5 features that make the route look like a normal URL: http://somesite/some/route. This URL would be indistinguishable from a non-SPA site. In that case, the only way to tell it is a SPA is to look at the javascript code (Does it use a SPA framework) and/or network traffic (when you click a link does it get the whole page, or just some JSON needed for the current view).

Preventing cross site scripting attack on flash container pages

I have a website with a flex application. The flex application has no user input - except for clicks for navigation. The website also uses no scripting language - i.e. no php, asp, jsp or cfm.
The website just consists of one page which contains the flash file for the flex application. The source code of this page is here: http://pastebin.com/n5b4RxqT
I have been advised (by a software program used by my client) that this website is vulnerable to a reflective type XSS attack and have been advised to 'sanitize' all user input.
I am a noob with respect to XSS and would respectfully like to ask that AFAIK there is no user input. What should I sanitize and how?
Thanks in advance
Using AC_OETags is the old way of doing things and is deprecated. What you want to do is use SWFObject which is now the default in Flash Builder 4.

Embedded image in external component?

I am developing a drop-in component for our company's websites. This component allows users to send messages to each other.
Making this, I've hit several problems during development, such as LoadControl() not working (as it seems to be relative to the project including the module, not the module itself).
I managed to fix this using an approach I found online, but now the next problem emerges - images.
To make the component look somewhat nice, images would be appreciated by the users for icons.
But, again, I am stuck at the same problem.
For instance, if I want an ImageButton, I would set it's ImageUrl property to "~/images/message.png", but this really references something inside my DLL and as such obviously doesn't work!
Is there a standard, good solution for this kind of problem?
Thanks!
You could use WebResources, look at
http://www.aspcode.net/Including-WebResource-in-ASPNET-server-control.aspx
or embedd image in control assembly as resource and serve it with http module, but you will have to declare that http module in web config of application that is using your control.

How to control which users can see which videos

Imagine you have a large number of video files stored on a server, and a Flex app which lets users play those videos they have access to. How can you best set this up? Wouldn't the Flex app just be sent the name of the video to play... in which case couldn't someone else write another flex app if they knew the file names? Can Flex play videos hosted on other sites? Is there some clever piece on the server I'm missing, which sits between the Flex video player and the files?
Ask users to log-in with a username and password - you can use OpenID if you want.
Update:
Set the crossdomain.xml of your server in such a way that only Flash movies from your domain can access content from there.
You can write a server-side script (in PHP or something else) that serves the file only if your user is allowed to see it (how to determine that you'll have to come up with yourself). This is a bit of a performance hit, although not so much if you use PHP's readfile().
Can Flex play videos hosted on other sites?
Your crossdomain.xml can control this. e.g. myvideoserver.com/crossdomain.xml would contain entries based on who you want to grant access to, like myflexserver.com. Then just ripping off your main flex application wouldn't give them access to your video files.

Resources