Xml – Flex: load xml from flex swf

apache-flexloadxml

I'm creating an (desktop) application with flex but AIR is not an option. (I've heard you need air-installer to play the .exe) My flex app needs to load a php generated xml but it has to run from the swf file when you export a release build.

When testing my flex application on the localhost, everything is fine. The xml is loaded and I get the data.
However after i export a release build, and launch the .swf, I get security voilation (sandbox) saying it cannot load the xml from the webpage.

Does anybody know a way around this?
Does anybody know if the air installer really is necessairy to launch the .exe? (i only have a mac)

Best Answer

Due to security limitations of the Flash Player you are running in a sandbox. If you launch the application SWF it will have a URL something like file:///path/to/my/app, which puts it in a local file sadbox (which is the most restrictive place to run a swf). AIR gives you a local file system sandbox also, but you gain the ability to access local files and save to disk. If you are running a swf from http://example.com you are in the example.com context ad can load content from that domain. If you need to load content from another domain, you will need a crossdomain.xml policy file on the other domain where the content/service lives.

alt text http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security/fig01.gif

This article explains, in great detail, the concept of the crossdomain.xml file. Here is an example that allows a conection from ANY domain to resources:

<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*" />
    <site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

which would work in your case.

XML escape characters

There are only five:

"   &quot;
'   &apos;
<   &lt;
>   &gt;
&   &amp;

Escaping characters depends on where the special character is used.

The examples can be validated at the W3C Markup Validation Service.

Text

The safe way is to escape all five characters in text. However, the three characters ", ' and > needn't be escaped in text:

<?xml version="1.0"?>
<valid>"'></valid>

Attributes

The safe way is to escape all five characters in attributes. However, the > character needn't be escaped in attributes:

<?xml version="1.0"?>
<valid attribute=">"/>

The ' character needn't be escaped in attributes if the quotes are ":

<?xml version="1.0"?>
<valid attribute="'"/>

Likewise, the " needn't be escaped in attributes if the quotes are ':

<?xml version="1.0"?>
<valid attribute='"'/>

Comments

All five special characters must not be escaped in comments:

<?xml version="1.0"?>
<valid>
<!-- "'<>& -->
</valid>

CDATA

All five special characters must not be escaped in CDATA sections:

<?xml version="1.0"?>
<valid>
<![CDATA["'<>&]]>
</valid>

Processing instructions

All five special characters must not be escaped in XML processing instructions:

<?xml version="1.0"?>
<?process <"'&> ?>
<valid/>

XML vs. HTML

HTML has its own set of escape codes which cover a lot more characters.

Python – How to parse XML and count instances of a particular node attribute

I suggest ElementTree. There are other compatible implementations of the same API, such as lxml, and cElementTree in the Python standard library itself; but, in this context, what they chiefly add is even more speed -- the ease of programming part depends on the API, which ElementTree defines.

First build an Element instance root from the XML, e.g. with the XML function, or by parsing a file with something like:

import xml.etree.ElementTree as ET
root = ET.parse('thefile.xml').getroot()

Or any of the many other ways shown at ElementTree. Then do something like:

for type_tag in root.findall('bar/type'):
    value = type_tag.get('foobar')
    print(value)

And similar, usually pretty simple, code patterns.