Security violation in processEvents()

[borisreitman]

I have flash debug player version installed: 17.0.0.188, testing on IE9.

I get the error of Security violation trying to access "unknown", in ExternalInterface call, in processEvent(). It is hard to reproduce, and I didn't copy exact error. I found the same kind of error posted by someone else:

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://example.com/path/my.swf cannot access <unknown>.
at flash.external::ExternalInterface$/_evalJS()
at flash.external::ExternalInterface$/call()

Here's a suggested patch:

diff --git a/flash-src/src/net/gimite/websocket/WebSocketMain.as b/flash-src/src/net/gimite/websocket/WebSocketMa
index 3daa572..9839984 100644
--- a/flash-src/src/net/gimite/websocket/WebSocketMain.as
+++ b/flash-src/src/net/gimite/websocket/WebSocketMain.as
@@ -150,8 +150,12 @@ public class WebSocketMain extends Sprite implements IWebSocketLogger{
    */
   public function processEvents():void {
     if (eventQueue.length == 0) return;
-    if (!ExternalInterface.call("WebSocket.__onFlashEvent")) {
-      setTimeout(processEvents, 500);
+    try {
+      if (!ExternalInterface.call("WebSocket.__onFlashEvent")) {
+        setTimeout(processEvents, 500);
+      }
+    } catch(e:SecurityError){
+      trace("caught SecurityError when trying to processEvents. Not retrying again.");
     }
   }

[borisreitman]

I was able to reproduce the actual crash and have the precise error:

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller
 http://example.com/path/websocket_polyfill/WebSocketMain.swf cannot access <unknown>.
        at flash.external::ExternalInterface$/_evalJS()
        at flash.external::ExternalInterface$/call()
        at net.gimite.websocket::WebSocketMain/processEvents()
        at net.gimite.websocket::WebSocketMain/onSocketEvent()
        at flash.events::EventDispatcher/dispatchEventFunction()
        at flash.events::EventDispatcher/dispatchEvent()
        at net.gimite.websocket::WebSocket/onSocketData()

[gimite]

Are the HTML file, web_socket.js and WebSocketMain.swf served in the same domain? Are they all served via HTTP, not HTTPS?

[borisreitman]

No, WebSocketMain.swf is loaded on the same domain as the website, but the web_socket.js is loaded from a subdomain. Both are loaded through HTTPS.

I want to be clear -- it works, only sometimes I get this error when I navigate to another page.

[gimite]

You mean, it only happens after you try to switch to another page? Then it may be a kind of timing issue that the page object is already unloaded when it receives the message.

[borisreitman]

Yes, thats what I think.

[yangfan1122]

About the SecurityError, it works well now? I got a same problem

[gimite]

Oops sorry, I forgot to merge the patch. Merged. Anyway I believe it happens only during closing the page.